Page 1 GS2210 Series Intelligent Layer 2 GbE Switch Version 4.30 Edition 1, 10/2015 Quick Start Guide User’s Guide Default Login Details LAN IP Address http://192.168.1.1 User Name admin www.zyxel.com Password 1234 Copyright © 2015 ZyXEL Communications Corporation...
Page 2 Note: It is recommended you use the Web Configurator to configure the Switch. • Web Configurator Online Help Click the help icon in any screen for help in configuring that screen and supplementary information. • More Information Go to support.zyxel.com to find other information on the Switch. GS2210 Series User’s Guide...
Page 3: Table Of Contents
AAA ............................... 211 IP Source Guard ...........................222 Loop Guard ............................257 Layer 2 Protocol Tunneling ........................261 PPPoE ..............................265 Error Disable ............................273 Private VLAN ............................280 Green Ethernet ............................282 Link Layer Discovery Protocol (LLDP) ....................284 Anti-Arpscan ............................309 BPDU Guard ............................315 GS2210 Series User’s Guide...
Page 4 ARP Setup ............................349 Maintenance ............................353 Access Control ............................362 Diagnostic .............................385 System Log ............................388 Syslog Setup ............................389 Cluster Management ..........................392 MAC Table .............................398 ARP Table .............................401 Path MTU Table ............................403 Configure Clone ............................404 IPv6 Neighbor Table ..........................407 Troubleshooting ............................409 GS2210 Series User’s Guide...
Page 5: Table Of Contents
3.1.1 Gigabit Ethernet Ports ......................27 3.1.2 Mini-GBIC Slots ........................28 3.1.3 LED Mode (only available for GS2210-48HP) .................30 3.2 Rear Panel ............................30 3.2.1 Console Port ..........................31 3.2.2 Power Connector ........................31 3.3 LEDs ...............................31 Part II: Technical Reference................33 GS2210 Series User’s Guide...
Page 6 7.1.1 What You Can Do ........................55 7.2 Status ..............................55 7.3 ZyXEL One Network (ZON) Utility Screen ..................57 7.4 ZON Neighbor Management Screen ....................58 7.5 Port Status ............................59 7.5.1 Port Details ...........................61 Chapter 8 Basic Setting ............................64 8.1 Overview ............................64 GS2210 Series User’s Guide...
Page 7 9.7 Protocol Based VLANs ........................104 9.7.1 Configuring Protocol Based VLAN ..................104 9.8 Voice VLAN .............................106 9.9 MAC Based VLAN ...........................107 9.10 Port-Based VLAN Setup ......................109 9.10.1 Configure a Port-Based VLAN .....................109 9.11 Technical Reference ........................112 GS2210 Series User’s Guide...
Page 8 13.9 Multiple Spanning Tree Protocol Status ..................137 13.10 Technical Reference ........................139 13.10.1 MSTP Network Example ....................139 13.10.2 MST Region ........................140 13.10.3 MST Instance ........................141 13.10.4 Common and Internal Spanning Tree (CIST) ..............141 Chapter 14 Bandwidth Control..........................142 GS2210 Series User’s Guide...
Page 9 18.3 Activate IEEE 802.1x Security ....................159 18.3.1 Guest VLAN ........................160 18.4 Activate MAC Authentication ......................162 Chapter 19 Port Security .............................165 19.1 Port Security Overview .........................165 19.1.1 What You Can Do ........................165 19.2 Port Security Setup ........................165 GS2210 Series User’s Guide...
Page 10 24.1.2 What You Need to Know ......................186 24.2 Multicast Setup ..........................190 24.3 IPv4 Multicast Status ........................190 24.3.1 IGMP Snooping ........................191 24.3.2 IGMP Snooping VLAN ......................193 24.3.3 IGMP Filtering Profile ......................195 24.4 IPv6 Multicast Status ........................196 24.4.1 MLD Snooping-proxy ......................197 GS2210 Series User’s Guide...
Page 11 26.8 ARP Inspection VLAN Status ......................237 26.9 ARP Inspection Log Status ......................238 26.10 ARP Inspection Configure ......................240 26.10.1 ARP Inspection Port Configure ..................241 26.10.2 ARP Inspection VLAN Configure ..................243 26.11 IPv6 Source Guard Overview .....................244 26.12 IPv6 Source Binding Status ......................244 GS2210 Series User’s Guide...
Page 12 29.3.3 PPPoE IA for VLAN ......................271 Chapter 30 Error Disable .............................273 30.1 Error Disable Overview ........................273 30.1.1 CPU Protection Overview ....................273 30.1.2 Error-Disable Recovery Overview ..................273 30.1.3 What You Can Do ........................273 30.2 Error Disable Screen ........................274 30.3 Error-Disable Status ........................274 GS2210 Series User’s Guide...
Page 13 34.1.2 What You Need to Know ......................309 34.2 Anti-Arpscan Status ........................310 34.3 Anti-Arpscan Host Status ......................310 34.4 Anti-Arpscan Trust Host ....................... 311 34.5 Anti-Arpscan Configure ........................312 Chapter 35 BPDU Guard ............................315 35.1 BPDU Guard Overview ........................315 GS2210 Series User’s Guide...
Page 14 39.2 Activating DiffServ ........................334 39.3 DSCP-to-IEEE 802.1p Priority Settings ..................335 39.3.1 Configuring DSCP Settings ....................336 Chapter 40 DHCP..............................337 40.1 DHCP Overview ..........................337 40.1.1 What You Can Do ........................337 40.1.2 What You Need to Know ......................337 40.2 DHCP Configuration ........................338 GS2210 Series User’s Guide...
Page 15 42.7.1 FTP Command Line ......................359 42.7.2 Filename Conventions ......................360 42.7.3 FTP Command Line Procedure ..................360 42.7.4 GUI-based FTP Clients ......................361 42.7.5 FTP Restrictions .........................361 Chapter 43 Access Control ..........................362 43.1 Access Control Overview ......................362 43.1.1 What You Can Do ........................362 GS2210 Series User’s Guide...
Page 16 47.3 Clustering Management Configuration ..................394 47.4 Technical Reference ........................396 47.4.1 Cluster Member Switch Management ................396 Chapter 48 MAC Table ............................398 48.1 MAC Table Overview ........................398 48.1.1 What You Can Do ........................398 48.1.2 What You Need to Know ......................398 GS2210 Series User’s Guide...
Page 17 53.1 Power, Hardware Connections, and LEDs ..................409 53.2 Switch Access and Login ......................410 53.3 Switch Configuration ........................412 Appendix A Customer Support ......................413 Appendix B Common Services ......................419 Appendix C IPv6 ..........................422 Appendix D Legal Information ......................430 Index ..............................435 GS2210 Series User’s Guide...
Page 18: User's Guide
User’s Guide...
Page 19: Getting To Know Your Switch
H A PT ER Getting to Know Your Switch 1.1 Introduction This chapter introduces the main features and applications of the Switch. The GS2210 Series consists of the following models: • GS2210-8 • GS2210-8HP • GS2210-24 • GS2210-24HP • GS2210-48 •...
Page 20: Backbone Application
Switch’s port or connect other switches to the Switch. In this example, all computers can share high-speed applications on the server. To expand the network, simply add more networking devices such as switches, routers, computers, print servers etc. GS2210 Series User’s Guide...
Page 21: Bridging Example
Switching to higher-speed LANs such as ATM (Asynchronous Transmission Mode) is not feasible for most people due to the expense of replacing all existing Ethernet cables and adapter cards, restructuring your network and complex maintenance. The Switch can provide the same bandwidth GS2210 Series User’s Guide...
Page 22: Ieee 802.1Q Vlan Application Examples
Shared resources such as a server can be used by all ports in the same VLAN as the server. In the following figure only ports that need access to the server need to be part of VLAN 1. Ports can belong to other VLAN groups too. Figure 4 Shared Server Using VLAN Example GS2210 Series User’s Guide...
Page 23: Ways To Manage The Switch
Switch to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the Switch. You could simply restore your last configuration. GS2210 Series User’s Guide...
Page 24: Hardware Installation And Connection
• Four M5 flat head screws and a #2 Philips screwdriver. Failure to use the proper screws may damage the unit. 2.3.1.1 Precautions • Make sure the rack will safely support the combined weight of all the equipment it contains. GS2210 Series User’s Guide...
Page 25: Attaching The Mounting Brackets To The Switch
Position a mounting bracket (that is already attached to the Switch) on one side of the rack, lining up the two screw holes on the bracket with the screw holes on the side of the rack. GS2210 Series User’s Guide...
Page 26 Figure 6 Mounting the Switch on a Rack Using a #2 Philips screwdriver, install the M5 flat head screws through the mounting bracket holes into the rack. Repeat steps to attach the second mounting bracket on the other side of the rack. GS2210 Series User’s Guide...
Page 27: Hardware Panels
3.1.1 Gigabit Ethernet Ports The Switch has 1000Base-T auto-negotiating, auto-crossover Ethernet ports. In 10/100/1000 Mbps Gigabit, the speed can be 10 Mbps, 100 Mbps or 1000 Mbps and the duplex mode can be half duplex or full duplex. GS2210 Series User’s Guide...
Page 28: Mini-Gbic Slots
You can change transceivers while the Switch is operating. You can use different transceivers to connect to Ethernet switches with different types of fiber-optic or even copper cable connectors. To avoid possible eye injury, do not look into an operating fiber-optic module’s connectors. GS2210 Series User’s Guide...
Page 29 Use the following steps to remove a mini-GBIC transceiver (SFP module). Remove the fiber optic cables from the transceiver. Open the transceiver’s latch (latch styles vary). Pull the transceiver out of the slot. Figure 15 Removing the Fiber Optic Cables GS2210 Series User’s Guide...
Page 30: Led Mode (Only Available For Gs2210-48Hp)
3.2 Rear Panel The following figures show the rear panels of the Switch. Figure 18 Rear Panel: GS2210-8 Figure 19 Rear Panel: GS2210-8HP Figure 20 Rear Panel: GS2210-24 Figure 21 Rear Panel: GS2210-24HP Figure 22 Rear Panel: GS2210-48 GS2210 Series User’s Guide...
Page 31: Console Port
The system is turned on. The system is off or has failed. Green The system is on and functioning properly. Blinking The system is rebooting and performing self-diagnostic tests. The power is off or the system is not ready/malfunctioning. GS2210 Series User’s Guide...
Page 32 25-28 Amber The uplink port is linking at 100 Mbps. (GS2210-24/ Blinking The system activity is transmitting/receiving data 100 Mbps. 24HP) There is no link or port, the uplink port is shut down. 45-50 (GS2210-48/ 48HP) GS2210 Series User’s Guide...
Page 33: Technical Reference
Technical Reference...
Page 34: The Web Configurator
The login screen appears. The default username is admin and associated default password is 1234. The date and time display as shown if you have not configured a time server nor manually entered a time and date in the General Setup screen. GS2210 Series User’s Guide...
Page 35: The Status Screen
A - Click the menu items to open submenu links, and then click on a submenu link to open the screen in the main window. B, C, D, E, F - These are quick links which allow you to perform certain tasks no matter which screen you are currently working in. GS2210 Series User’s Guide...
Page 36 G - Click this link to go to the ZON Neighbor Management screen where you can see and manage neighbor devices learned by the Switch. In the navigation panel, click a main link to reveal a list of submenu links. Table 5 Navigation Panel Sub-links Overview BASIC SETTING ADVANCED APPLICATION IP APPLICATION MANAGEMENT GS2210 Series User’s Guide...
Page 37 This link takes you to screens where you can configure the Switch to group packets based on the specified criteria. Policy Rule This link takes you to a screen where you can configure the Switch to perform special treatment on the grouped packets. GS2210 Series User’s Guide...
Page 38 This link takes you to a screen where you can ping IP addresses, run traceroute, test port(s) and show the Switch’s location. System Log This link takes you to a screen where you can view system logs. GS2210 Series User’s Guide...
Page 39: Change Your Password
4.4 Saving Your Configuration When you are done modifying the settings in a screen, click Apply to save your changes back to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off. GS2210 Series User’s Guide...
Page 40: Switch Lockout
To upload the configuration file, do the following: Connect to the console port using a computer with terminal emulation software. Disconnect and reconnect the Switch’s power to begin a session. When you reconnect the Switch’s power, you will see the initial screen. GS2210 Series User’s Guide...
Page 41: Logging Out Of The Web Configurator
Figure 27 Web Configurator: Logout Screen 4.8 Help The web configurator’s online help has descriptions of individual screens and some supplementary information. Click the Help link from a web configurator screen to view an online help description of that screen. GS2210 Series User’s Guide...
Page 42: Initial Setup Example
In this example, you want to configure port 1 as a member of VLAN 2. Figure 28 Initial Setup Network Example: VLAN Click Advanced Application > VLAN > VLAN Configuration in the navigation panel and click the Static VLAN Setup link. GS2210 Series User’s Guide...
Page 43: Setting Port Vid
VLAN group that the tag defines. In the example network, configure 2 as the port VID on port 1 so that any untagged frames received on that port get sent to VLAN 2. GS2210 Series User’s Guide...
Page 44: Configuring Switch Management Ip Address
The default management IP address of the Switch is 192.168.1.1. You can configure another IP address in a different subnet for management purposes. The following figure shows an example. Figure 30 Initial Setup Example: Management IP Address GS2210 Series User’s Guide...
Page 45 This is the same as the VLAN ID you configure in the Static VLAN screen. Click Add to save your changes back to the run- time memory. Settings in the run-time memory are lost when the Switch’s power is turned off. GS2210 Series User’s Guide...
Page 46: Tutorials
1 and 100 DHCP Client (B) 1 and 100 DHCP Client (C) 1 and 100 Access the Switch through http://192.168.1.1 by default. Log into the Switch by entering the username (default: admin) and password (default: 1234). GS2210 Series User’s Guide...
Page 47 Go to Advanced Application > VLAN > VLAN Configuration > VLAN Port Setup, and set the PVID of the ports 5, 6 and 7 to 100. This tags untagged incoming frames on ports 5, 6 and 7 with the tag 100. Figure 33 Tutorial: Tag Untagged Frames GS2210 Series User’s Guide...
Page 48 5 because the DHCP server is connected to port 5. Keep ports 6 and 7 Untrusted because they are connected to DHCP clients. Click Apply. Tutorial: Set the DHCP Server Port to Trusted Figure 35 GS2210 Series User’s Guide...
Page 49: How To Use Dhcpv4 Relay On The Switch
This tutorial describes how to configure your Switch to forward DHCP client requests to a specific DHCP server. The DHCP server can then assign a specific IP address based on the information in the DHCP requests. GS2210 Series User’s Guide...
Page 50: Dhcp Relay Tutorial Introduction
Follow the steps below to configure port 2 as a member of VLAN 102. Access the web configurator through the Switch’s management port. Go to Basic Setting > Switch Setup and set the VLAN type to 802.1Q. Click Apply to save the settings to the run-time memory. GS2210 Series User’s Guide...
Page 51 Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending. Click Add to save the settings to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off. GS2210 Series User’s Guide...
Page 52 Enter 102 in the PVID field for port 2 to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines. 10 Click Apply to save your changes back to the run-time memory. GS2210 Series User’s Guide...
Page 53: Configuring Dhcpv4 Relay
Enter the DHCP server’s IP address (192.168.2.3 in this example) in the Remote DHCP Server 1 field. Select default1 or default2 in the Option 82 Profile field. Click Apply to save your changes back to the run-time memory. GS2210 Series User’s Guide...
Page 54: Troubleshooting
You configured the correct VLAN ID, port number and system name for DHCP relay on both the DHCP server and the Switch. You clicked the Save link on the Switch to have your settings take effect. GS2210 Series User’s Guide...
Page 55: Status And Zon
7.2 Status The Status screen displays when you log into the Switch or click Status at the top right corner of the web configurator. The Status screen displays general device information, system status, and its IP addresses. GS2210 Series User’s Guide...
Page 56 After it times out you have to log in with your password again. Detail Click this link to go to the Basic Setting > System Info screen to check other detailed information, such as system resource usage and the Switch temperature, fan speeds or voltage. IP Address Information GS2210 Series User’s Guide...
Page 57: Zyxel One Network (Zon) Utility Screen
ZON Utility screen and you can perform tasks like basic configuration of the devices and batch firmware upgrade in it. You can download the ZON Utility at www.zyxel.com and install it on a PC. The following figure shows the ZON Utility screen. GS2210 Series User’s Guide...
Page 58: Zon Neighbor Management Screen
(turn the power off and then back on again), and reset to factory default settings in the Neighbor Management screen. For more information on LLDP, see (Section 33.1 on page 284). Click Status > Neighbor to see the following screen. Status > Neighbor Figure 46 GS2210 Series User’s Guide...
Page 59: Port Status
7.5 Port Status This screen displays a port statistical summary with links to each port showing statistical details. To view the port statistics, click Status in all web configurator screens and then the Port Status link GS2210 Series User’s Guide...
Page 60 This field shows the number of received frames on this port. Errors This field shows the number of received errors on this port. Tx KB/s This field shows the number of kilobytes per second transmitted on this port. GS2210 Series User’s Guide...
Page 61: Port Details
Click a number in the Port column in the Port Status screen to display individual port statistics. Use this screen to check status and detailed performance data about an individual port on the Switch. Figure 48 Port Status > Port Details GS2210 Series User’s Guide...
Page 62 This is the number of times a late collision is detected, that is, after 512 bits of the packets have already been transmitted. Error Packet The following fields display detailed information about packets received that were in error. RX CRC This field shows the number of packets received with CRC (Cyclic Redundant Check) error(s). GS2210 Series User’s Guide...
Page 63 1024 and 1518 octets in length. Giant This field shows the number of packets (including bad packets) received that were between 1519 octets and the maximum frame size. The maximum frame size varies depending on your switch model. GS2210 Series User’s Guide...
Page 64: Basic Setting
92) to configure the default domain name server. 8.2 System Information In the navigation panel, click Basic Setting > System Info to display the screen as shown. Use this screen to view general system information. You can check the firmware version number. GS2210 Series User’s Guide...
Page 65 BOARD, MAC and PHY refer to the location of the temperature sensors on the Switch printed circuit board. Current This shows the current temperature at this sensor. This field displays the maximum temperature measured at this sensor. This field displays the minimum temperature measured at this sensor. GS2210 Series User’s Guide...
Page 66: General Setup
Error is displayed. 8.3 General Setup Use this screen to configure general settings such as the system name and time. Click Basic Setting > General Setup in the navigation panel to display the screen as shown. GS2210 Series User’s Guide...
Page 67 This field displays the date you open this menu. New Date (yyyy- Enter the new date in year, month and day format. The new date then appears in the mm-dd) Current Date field after you click Apply. GS2210 Series User’s Guide...
Page 68: Introduction To Vlans
In traditional switched environments, all broadcast packets go to each and every individual port. With VLAN, all broadcasts are confined to a specific broadcast domain. Note: VLAN is unidirectional; it only governs outgoing traffic. GS2210 Series User’s Guide...
Page 69: Switch Setup
GARP Timer: Switches join VLANs by making a declaration. A declaration is made by issuing a Join message using GARP. Declarations are withdrawn by issuing a Leave message. A Leave All message terminates all registrations. GARP timers set declaration timeout values. See the chapter on VLAN setup for more background information. GS2210 Series User’s Guide...
Page 70: Ip Setup
8.6 IP Setup Use the IP Setup screen to configure the Switch IP address, default gateway device, and the management VLAN ID. The default gateway specifies the IP address of the default gateway (next hop) for outgoing traffic. GS2210 Series User’s Guide...
Page 71: Management Ip Addresses
Select this option if you don’t have a DHCP server or if you wish to assign static IP address information to the Switch. You need to fill in the following fields when you select this option. GS2210 Series User’s Guide...
Page 72: Port Setup
Click Cancel to clear the selected check boxes in the Delete column. 8.7 Port Setup Use this screen to configure Switch port settings. Click Basic Setting > Port Setup in the navigation panel to display the configuration screen. GS2210 Series User’s Guide...
Page 73 Enter a descriptive name that identifies this port. You can enter up to 64 alpha-numerical characters. Note: Due to space limitation, the port name may be truncated in some web configurator screens. Type This field displays the capacity that the port can support. GS2210 Series User’s Guide...
Page 74: Poe Status
In the figure below, the IP camera and IP phone get their power directly from the Switch. Aside from minimizing the need for cables and wires, PoE removes the hassle of trying to find a nearby electric outlet to power up devices. GS2210 Series User’s Guide...
Page 75 Note: The POE (Power over Ethernet) devices that supply or receive power and their connected Ethernet cables must all be completely indoors. To view the current amount of power that PDs are receiving from the Switch, click Basic Setting > PoE Setup. Figure 55 Basic Setting > PoE Status GS2210 Series User’s Guide...
Page 76: Poe Time Range Status
This field displays the maximum amount of power the PD could use from the Switch on this (mW) port. 8.8.1 PoE Time Range Status Use this screen to see whether PoE is scheduled to be enabled on a port. GS2210 Series User’s Guide...
Page 77: Poe Setup
Use this screen to set the priority levels, power-up mode and schedule for the Switch in distributing power to PDs. Click the PoE Setup link in the Basic Setting > PoE Status screen. The following screen opens. GS2210 Series User’s Guide...
Page 78 Note: Changes in this row are copied to all the ports as soon as you make them. Select this to provide power to a PD connected to the port. If left unchecked, the PD connected to the port cannot receive power from the Switch. GS2210 Series User’s Guide...
Page 79: Interface Setup
Use this screen to set IPv6 interfaces on which you can configure an IPv6 address to access and manage the Switch. Click Basic Setting > Interface Setup in the navigation panel to display the configuration screen. GS2210 Series User’s Guide...
Page 80: Ipv6
Click Cancel to clear the check boxes. 8.10 IPv6 Use this screen to view the IPv6 interface status and configure Switch’s management IPv6 addresses. Click Basic Setting > IPv6 in the navigation panel to display the IPv6 status screen as shown next. GS2210 Series User’s Guide...
Page 81: Ipv6 Interface Status
This field displays whether the IPv6 interface is activated or not. 8.10.1 IPv6 Interface Status Use this screen to view a specific IPv6 interface status and detailed information. Click an interface index number in the Basic Setting > IPv6 screen. The following screen opens. GS2210 Series User’s Guide...
Page 82 This field displays the Switch’s link-local IP address and prefix generated by the interface. It Address also shows whether the IP address is preferred, which means it is a valid address and can be used as a sender or receiver address. GS2210 Series User’s Guide...
Page 83 This field displays the address record when the Switch queries the DNS server to resolve domain names. Restart Click Click Here to send a new DHCP request to the DHCPv6 server and update the IPv6 DHCPv6 Client address and DNS information for this interface. GS2210 Series User’s Guide...
Page 84: Ipv6 Configuration
Click the link to go to a screen where you can configure the Switch DHCP settings. Setup 8.10.3 IPv6 Global Setup Use this screen to configure the global IPv6 settings. Click the link next to IPv6 Global Setup in the IPv6 Configuration screen to display the screen as shown next. GS2210 Series User’s Guide...
Page 85: Ipv6 Interface Setup
Use this screen to turn on or off an IPv6 interface and enable stateless autoconfiguration on it. Click the link next to IPv6 Interface Setup in the IPv6 Configuration screen to display the screen as shown next. Figure 63 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Interface Setup GS2210 Series User’s Guide...
Page 86: Ipv6 Link-Local Address Setup
Table 26 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Link-Local Address Setup LABEL DESCRIPTION Interface Select the IPv6 interface you want to configure. Link-Local Manually configure a static IPv6 link-local address for the interface. Address GS2210 Series User’s Guide...
Page 87: Ipv6 Global Address Setup
Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2210 Series User’s Guide...
Page 88: Ipv6 Neighbor Discovery Setup
Specify the number of consecutive neighbor solicitations (from 0 to 600) the Switch sends for this interface. Enter 0 to turn off DAD. NS Interval Specify the time interval (from 1000 to 3600000 milliseconds) at which neighbor solicitations are re-sent for this interface. GS2210 Series User’s Guide...
Page 89: Ipv6 Neighbor Setup
Click the link next to IPv6 Neighbor Setup in the IPv6 Configuration screen to display the screen as shown next. Figure 67 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Neighbor Setup GS2210 Series User’s Guide...
Page 90: Dhcpv6 Client Setup
Use this screen to configure the Switch’s DHCP settings when it is acting as a DHCPv6 client. Click the link next to DHCPv6 Client Setup in the IPv6 Configuration screen to display the screen as shown next. GS2210 Series User’s Guide...
Page 91 This field displays whether the Switch obtains a list of domain names from the DHCP server. Information This field displays the time interval (in seconds) at which the Switch exchanges other Refresh configuration information with a DHCPv6 server again. Minimum GS2210 Series User’s Guide...
Page 92: Dns
This field displays priority of the DNS server address. Server Address This field displays the IP address of the DNS server. Source This field displays whether the DNS server address is configured manually (Static) or obtained automatically using DHCP/DHCPv6 (Dynamic). GS2210 Series User’s Guide...
Page 93: Vlan
VLAN and provides the information that switches need to process the frame across the network. A tagged frame is four bytes longer than an untagged frame and contains two bytes of TPID (Tag Protocol Identifier, residing within the type/length field of the Ethernet frame) GS2210 Series User’s Guide...
Page 94: Forwarding Tagged And Untagged Frames
GVRP (GARP VLAN Registration Protocol) is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network. Enable this function to permit VLAN groups beyond the local Switch. GS2210 Series User’s Guide...
Page 95: Port Vlan Trunking
1 and 2 (VLAN groups that are unknown to those switches) to pass through their VLAN trunking port(s). Figure 70 Port VLAN Trunking 9.1.2.3 Select the VLAN Type Select a VLAN type in the Basic Setting > Switch Setup screen. GS2210 Series User’s Guide...
Page 96: Vlan Status
This is the number of VLANs that match the searching criteria and display in the list below. Search Results This field displays only when you use the Search button to look for certain VLANs. Index This is the VLAN index number. Click on an index number to view more VLAN details. GS2210 Series User’s Guide...
Page 97: Vlan Details
This field shows how this VLAN was added to the Switch. Dynamic: using GVRP Static: added as a permanent entry Voice: manually added as a Voice VLAN MVR: added via multicast VLAN registration MAC-based: manually added as MAC-based VLAN GS2210 Series User’s Guide...
Page 98: Vlan Configuration
Click Click Here to configure the MAC Based VLAN for the Switch. 9.4 Configure a Static VLAN Use this screen to configure a static VLAN for the Switch. Click the Static VLAN Setup link in the VLAN Configuration screen to display the screen as shown next. GS2210 Series User’s Guide...
Page 99 Select Fixed for the port to be a permanent member of this VLAN group. Select Forbidden if you want to prohibit the port from joining this VLAN group. Tagging Select TX Tagging if you want the port to tag all outgoing frames transmitted with this VLAN Group ID. GS2210 Series User’s Guide...
Page 100: Configure Vlan Port Settings
Use the VLAN Port Setup screen to configure the static VLAN (IEEE 802.1Q) settings on a port. Click the VLAN Port Setup link in the VLAN Configuration screen. Figure 76 Advanced Application > VLAN > VLAN Configuration > VLAN Port Setup GS2210 Series User’s Guide...
Page 101: Subnet Based Vlans
IP subnet. For example, an ISP (Internet Services Provider) may divide different types of services it provides to customers into different IP subnets. Traffic for voice services is designated for IP subnet GS2210 Series User’s Guide...
Page 102: Configuring Subnet Based Vlan
Click the Subnet Based VLAN Setup link in the VLAN Configuration screen to display the configuration screen as shown. Note: Subnet based VLAN applies to un-tagged packets and is applicable only when you use IEEE 802.1Q tagged VLAN. GS2210 Series User’s Guide...
Page 103 Cancel Click Cancel to begin configuring this screen afresh. Index This is the index number identifying this subnet based VLAN. Click on any of these numbers to edit an existing subnet based VLAN. GS2210 Series User’s Guide...
Page 104: Protocol Based Vlans
C. Figure 79 Protocol Based VLAN Application Example 9.7.1 Configuring Protocol Based VLAN Click the Protocol Based VLAN Setup link in the VLAN Configuration screen to display the configuration screen as shown. GS2210 Series User’s Guide...
Page 105 Port This field shows which port belongs to this protocol based VLAN. Name This field shows the name the protocol based VLAN. Ethernet-type This field shows which Ethernet protocol is part of this protocol based VLAN. GS2210 Series User’s Guide...
Page 106: Voice Vlan
ID from the Organizationally Unique Identifiers (OUI). Click the Voice VLAN Setup link in the VLAN Configuration screen to display the configuration screen as shown. Figure 81 Advanced Application > VLAN > VLAN Configuration > Voice VLAN Setup GS2210 Series User’s Guide...
Page 107: Mac Based Vlan
This feature allows users to change ports without having to reconfigure the VLAN. You can assign priority to the MAC-based VLAN and define a MAC to VLAN mapping table by entering a specified GS2210 Series User’s Guide...
Page 108 Select an entry’s check box to select a specific entry. Otherwise, select the check box in the table heading row to select all entries. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the check boxes. GS2210 Series User’s Guide...
Page 109: Port-Based Vlan Setup
9.10.1 Configure a Port-Based VLAN Select Port Based as the VLAN Type in the Basic Setting > Switch Setup screen and then click Advanced Application > VLAN from the navigation panel to display the next screen. GS2210 Series User’s Guide...
Page 110 Chapter 9 VLAN Figure 83 Advanced Application > VLAN: Port Based VLAN Setup (All Connected) GS2210 Series User’s Guide...
Page 111 Chapter 9 VLAN Figure 84 Advanced Application > VLAN: Port Based VLAN Setup (Port Isolation) GS2210 Series User’s Guide...
Page 112: Technical Reference
Select the protocol. Leave the default value IP. Type the VLAN ID of an existing VLAN. In our example we already created a static VLAN with an ID of 5. Type 5. Leave the priority set to 0 and click Add. GS2210 Series User’s Guide...
Page 113 To add more ports to this protocol based VLAN. Click the index number of the protocol based VLAN entry. Click 1. Change the value in the Port field to the next port you want to add. Click Add. GS2210 Series User’s Guide...
Page 114: Static Mac Forward Setup
Switch. See Chapter 19 on page 165 for more information on port security. Click Advanced Application > Static MAC Forwarding in the navigation panel to display the configuration screen as shown. GS2210 Series User’s Guide...
Page 115 Select an entry’s check box to select a specific entry. Otherwise, select the check box in the table heading row to select all entries. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the check boxes. GS2210 Series User’s Guide...
Page 116: Static Multicast Forward Setup
Figure 88 on page 117 shows frames being forwarded to devices connected to port 3. Figure 89 on page 117 shows frames being forwarded to ports 2 and 3 within VLAN group 4. Figure 87 No Static Multicast Forwarding GS2210 Series User’s Guide...
Page 117: Configuring Static Multicast Forwarding
Use this screen to configure rules to forward specific multicast frames, such as streaming or control frames, to specific port(s). Click Advanced Application > Static Multicast Forwarding to display the configuration screen as shown. Figure 90 Advanced Application > Static Multicast Forwarding GS2210 Series User’s Guide...
Page 118 Select an entry’s check box to select a specific entry. Otherwise, select the check box in the table heading row to select all entries. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the check boxes. GS2210 Series User’s Guide...
Page 119: Filtering
12.2 Configure a Filtering Rule Use this screen to create rules for traffic going through the Switch. Click Advanced Application > Filtering in the navigation panel to display the screen as shown next. Figure 91 Advanced Application > Filtering GS2210 Series User’s Guide...
Page 120 Select an entry’s check box to select a specific entry. Otherwise, select the check box in the table heading row to select all entries. Delete Check the rule(s) that you want to remove and then click the Delete button. Cancel Click Cancel to clear the selected checkbox(es). GS2210 Series User’s Guide...
Page 121: Spanning Tree Protocol
(R)STP detects and breaks network loops and provides backup links between switches, bridges or routers. It allows a switch to interact with other (R)STP -compliant switches in your network to ensure that only one path exists between any two stations on the network. GS2210 Series User’s Guide...
Page 122: Stp Terminology
Protocol Data Units) transmitted from the root bridge. If a bridge does not get a Hello BPDU after a predefined interval (Max Age), the bridge assumes that the link to the root bridge is down. This bridge then initiates negotiations with other bridges to reconfigure the network to re-establish a valid network topology. GS2210 Series User’s Guide...
Page 123 Figure 92 MRSTP Network Example Multiple STP Multiple Spanning Tree Protocol (IEEE 802.1s) is backward compatible with STP/RSTP and addresses the limitations of existing spanning tree protocols (STP and RSTP) in networks to include the following features: GS2210 Series User’s Guide...
Page 124: Spanning Tree Protocol Status Screen
Use the Spanning Tree Configuration screen to activate one of the STP modes on the Switch. Click Configuration in the Advanced Application > Spanning Tree Protocol. Figure 94 Advanced Application > Spanning Tree Protocol > Configuration GS2210 Series User’s Guide...
Page 125: Configure Rapid Spanning Tree Protocol
Use this screen to configure RSTP settings, see Section 13.1 on page 121 for more information on RSTP. Click RSTP in the Advanced Application > Spanning Tree Protocol screen. Figure 95 Advanced Application > Spanning Tree Protocol > RSTP GS2210 Series User’s Guide...
Page 126 With root guard enabled, a port is blocked when the Switch receives a superior BPDU on it. The Switch allows traffic to pass through this port again when the switch connected to the port stops to send superior BPDUs. GS2210 Series User’s Guide...
Page 127: Rapid Spanning Tree Protocol Status
This ID is the same for Root and Our Bridge if the Switch is the root switch. Hello Time This is the time interval (in seconds) at which the root switch transmits a configuration (second) message. The root bridge determines Hello Time, Max Age and Forwarding Delay. GS2210 Series User’s Guide...
Page 128 This field displays the state of the port on which root guard is enabled. • Root-inconsistent - the Switch receives superior BPDUs on the port and blocks the port. • Forwarding - the Switch unbolcks and allows the port to forward frames again. GS2210 Series User’s Guide...
Page 129: Configure Multiple Rapid Spanning Tree Protocol
Select this check box to activate an STP tree. Clear this checkbox to disable an STP tree. Note: You must also activate Multiple Rapid Spanning Tree in the Advanced Application > Spanning Tree Protocol > Configuration screen to enable MRSTP on the Switch. GS2210 Series User’s Guide...
Page 130 The slower the media, the higher the cost - see Table 46 on page 122 for more information. Tree Select which STP tree configuration this port should participate in. GS2210 Series User’s Guide...
Page 131: Multiple Rapid Spanning Tree Protocol Status
(second) message. The root bridge determines Hello Time, Max Age and Forwarding Delay. Max Age (second) This is the maximum time (in seconds) the Switch can wait without receiving a configuration message before attempting to reconfigure. GS2210 Series User’s Guide...
Page 132: Configure Multiple Spanning Tree Protocol
Forwarding - the Switch unbolcks and allows the port to forward frames again. 13.8 Configure Multiple Spanning Tree Protocol To configure MSTP, click MSTP in the Advanced Application > Spanning Tree Protocol screen. Multiple STP on page 123 for more information on MSTP. GS2210 Series User’s Guide...
Page 133 Select this to activate MSTP on the Switch. Clear this to disable MSTP on the Switch. Note: You must also activate Multiple Spanning Tree in the Advanced Application > Spanning Tree Protocol > Configuration screen to enable MSTP on the Switch. GS2210 Series User’s Guide...
Page 134 Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. GS2210 Series User’s Guide...
Page 135: Mstp Port Configuration
13.8.1 MSTP Port Configuration Click Advanced Application > Spanning Tree Protocol > MSTP > Port in the navigation panel to display the status screen as shown next. See Multiple STP on page 123 for more information on MSTP. GS2210 Series User’s Guide...
Page 136 With root guard enabled, a port is blocked when the Switch receives a superior BPDU on it. The Switch allows traffic to pass through this port again when the switch connected to the port stops to send superior BPDUs. GS2210 Series User’s Guide...
Page 137: Multiple Spanning Tree Protocol Status
See Multiple STP on page 123 for more information on MSTP. Note: This screen is only available after you activate MSTP on the Switch. Figure 101 Advanced Application > Spanning Tree Protocol > Status: MSTP GS2210 Series User’s Guide...
Page 138 BPDUs. • Learning - The port learns MAC addresses and processes BPDUs, but does not forward frames yet. • Forwarding - The port is operating normally. It learns MAC addresses, processes BPDUs and forwards received frames. GS2210 Series User’s Guide...
Page 139: Technical Reference
The following figure shows a network example where two VLANs are configured on the two switches. If the switches are using STP or RSTP, the link for VLAN 2 will be blocked as STP and RSTP allow only one link in the network and block the redundant link. GS2210 Series User’s Guide...
Page 140: Mst Region
Devices that belong to the same MST region are configured to have the same MSTP configuration identification settings. These include the following parameters: • Name of the MST region • Revision level as the unique number for the MST region GS2210 Series User’s Guide...
Page 141: Mst Instance
MST instance are members of the CIST. In an MSTP-enabled network, there is only one CIST that runs between MST regions and single spanning tree devices. A network may contain multiple MST regions and other network segments running RSTP. Figure 105 MSTP and Legacy RSTP Network Example GS2210 Series User’s Guide...
Page 142: Bandwidth Control
(Section 14.2 on page 142) to limit the bandwidth for traffic going through the Switch. 14.2 Bandwidth Control Setup Click Advanced Application > Bandwidth Control in the navigation panel to bring up the screen as shown next. GS2210 Series User’s Guide...
Page 143 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. GS2210 Series User’s Guide...
Page 144: Broadcast Storm Control
(DLF) packets the Switch receives per second on the ports. 15.2 Broadcast Storm Control Setup Click Advanced Application > Broadcast Storm Control in the navigation panel to display the screen as shown next. GS2210 Series User’s Guide...
Page 145 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. GS2210 Series User’s Guide...
Page 146: Mirroring
16.2 Port Mirroring Setup Click Advanced Application > Mirroring in the navigation panel to display the Mirroring screen. Use this screen to select a monitor port and specify the traffic flow to be copied to the monitor port. GS2210 Series User’s Guide...
Page 147 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. GS2210 Series User’s Guide...
Page 148: Link Aggregation
When you enable LACP link aggregation on a port, the port can automatically negotiate with the ports at the remote end of a link to establish trunk groups. LACP also allows port redundancy, that GS2210 Series User’s Guide...
Page 149: Link Aggregation Status
Click Advanced Application > Link Aggregation in the navigation panel. The Link Aggregation Status screen displays by default. See Section 17.1 on page 148 for more information. Port Priority and Port Number are 0 as it is the aggregator ID for the trunk group, not the individual port. GS2210 Series User’s Guide...
Page 150 Refer to Link Aggregation ID on page 149 for more information on this field. The ID displays only when there is a port belonging to this trunk group and LACP is also enabled for this group. GS2210 Series User’s Guide...
Page 151: Link Aggregation Setting
LACP - if the ports are configured to join a trunk group via LACP. 17.3 Link Aggregation Setting Click Advanced Application > Link Aggregation > Link Aggregation Setting to display the screen shown next. See Section 17.1 on page 148 for more information on link aggregation. GS2210 Series User’s Guide...
Page 152 This is the only screen you need to configure to enable static link aggregation. Aggregation Setting Group ID The field identifies the link aggregation group, that is, one logical link containing multiple ports. Active Select this option to activate a trunk group. GS2210 Series User’s Guide...
Page 153: Link Aggregation Control Protocol
17.3.1 Link Aggregation Control Protocol Click Advanced Application > Link Aggregation > Link Aggregation Setting > LACP to display the screen shown next. See Dynamic Link Aggregation on page 148 for more information on dynamic link aggregation. GS2210 Series User’s Guide...
Page 154 Table 63 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP LABEL DESCRIPTION Link Note: Do not configure this screen unless you want to enable dynamic link aggregation. Aggregation Control Protocol Active Select this checkbox to enable Link Aggregation Control Protocol (LACP). GS2210 Series User’s Guide...
Page 155: Technical Reference
Make your physical connections - make sure that the ports that you want to belong to the trunk group are connected to the same destination. The following figure shows ports 2-5 on switch A connected to switch B. GS2210 Series User’s Guide...
Page 156 Click Apply when you are done. Figure 113 Trunking Example - Configuration Screen Your trunk group 1 (T1) configuration is now complete. GS2210 Series User’s Guide...
Page 157: Port Authentication
At the time of writing, IEEE 802.1x is not supported by all operating systems. See your operating system documentation. If your operating system does not support 802.1x, then you may need to install 802.1x client software. GS2210 Series User’s Guide...
Page 158: Mac Authentication
MAC address of the client connecting to a port on the Switch along with a password configured specifically for MAC authentication on the Switch. Figure 115 MAC Authentication Process New Connection Authentication Request Authentication Reply Session Granted/Denied GS2210 Series User’s Guide...
Page 159: Port Authentication Configuration
18.3 Activate IEEE 802.1x Security Use this screen to activate IEEE 802.1x security. In the Port Authentication screen click 802.1x to display the configuration screen as shown. Figure 117 Advanced Application > Port Authentication > 802.1x GS2210 Series User’s Guide...
Page 160: Guest Vlan
VLAN. That is, unauthenticated users can have access to limited network resources in the same guest VLAN, such as the Internet. The rights granted to the Guest VLAN depends on how the network administrator configures switches or routers with the guest network feature. GS2210 Series User’s Guide...
Page 161 Use this screen to enable and assign a guest VLAN to a port. In the Port Authentication > 802.1x screen click Guest Vlan to display the configuration screen as shown. Figure 119 Advanced Application > Port Authentication > 802.1x > Guest VLAN GS2210 Series User’s Guide...
Page 162: Activate Mac Authentication
Cancel Click Cancel to begin configuring this screen afresh. 18.4 Activate MAC Authentication Use this screen to activate MAC authentication. In the Port Authentication screen click MAC Authentication to display the configuration screen as shown. GS2210 Series User’s Guide...
Page 163 If you leave this field blank, then only the MAC address of the client is forwarded to the RADIUS server. Password Type the password the Switch sends along with the MAC address of a client for authentication with the RADIUS server. You can enter up to 32 printable ASCII characters. GS2210 Series User’s Guide...
Page 164 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2210 Series User’s Guide...
Page 165: Port Security
165) to enable port security and disable MAC address learning. You can also enable the port security feature on a port. 19.2 Port Security Setup Click Advanced Application > Port Security in the navigation panel to display the screen as shown. GS2210 Series User’s Guide...
Page 166 Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. GS2210 Series User’s Guide...
Page 167 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2210 Series User’s Guide...
Page 168: Time Range
168) to view or define a schedule on the Switch. 20.2 Configuring Time Range Click Advanced Application > Time Range in the navigation panel to display the screen as shown. Figure 122 Advanced Application > Time Range GS2210 Series User’s Guide...
Page 169 Select an entry’s check box to select a specific entry. Otherwise, select the check box in the table heading row to select all entries. Delete Check the rule(s) that you want to remove and then click the Delete button. Cancel Click Cancel to clear the selected checkbox(es). GS2210 Series User’s Guide...
Page 170: Classifier
Configure policy rules to define actions to be performed on a classified traffic flow (refer to Chapter 22 on page 179 to configure policy rules). 21.2 Classifier Status Use this screen to to view the classifiers configured on the Switch and how many times the traffic matches the rules. GS2210 Series User’s Guide...
Page 171: Classifier Configuration
(or policy) to act upon the traffic that matches the rules. To configure policy rules, refer to Chapter 22 on page 179. In the Classifier Status screen click Classifier Configuration to display the configuration screen as shown. GS2210 Series User’s Guide...
Page 172 Chapter 21 Classifier Figure 124 Advanced Application > Classifier > Classifier Configuration GS2210 Series User’s Guide...
Page 173 For example, if you set the MAC address to 00:13:49:00:00:00 and the mask to ff:ff:ff:00:00:00, a packet with a MAC address of 00:13:49:12:34:56 matches this criteria. If you leave the Mask field blank, the Switch automatically sets the mask to ff:ff:ff:ff:ff:ff. GS2210 Series User’s Guide...
Page 174 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields back to your previous configuration. Clear Click Clear to set the above fields back to the factory defaults. GS2210 Series User’s Guide...
Page 175: Viewing And Editing Classifier Configuration Summary
ETHERNET TYPE PROTOCOL NUMBER IP ETHII 0800 X.75 Internet 0801 NBS Internet 0802 ECMA Internet 0803 Chaosnet 0804 X.25 Level 3 0805 XNS Compat 0807 Banyan Systems 0BAD BBN Simnet 5208 IBM SNA 80D5 AppleTalk AARP 80F3 GS2210 Series User’s Guide...
Page 176: Classifier Global Setting
Use this screen to configure the match order and enable logging on the Switch. In the Classifier Configuration screen click Classifier Global Setting to display the configuration screen as shown. Figure 126 Advanced Application > Classifier > Classifier Configuration > Classifier Global Setting GS2210 Series User’s Guide...
Page 177: Classifier Example
The following screen shows an example where you configure a classifier that identifies all traffic from MAC address 00:50:ba:ad:4f:81 on port 2. After you have configured a classifier, you can configure a policy (in the Policy screen) to define action(s) on the classified traffic flow. GS2210 Series User’s Guide...
Page 178 Chapter 21 Classifier Figure 127 Classifier: Example GS2210 Series User’s Guide...
Page 179: Policy Rule
22.2 Configuring Policy Rules You must first configure a classifier in the Classifier screen. Refer to Section 21.3 on page 171 more information. Click Advanced Applications > Policy Rule in the navigation panel to display the screen as shown. GS2210 Series User’s Guide...
Page 180 Type the number of an outgoing port. Priority Specify a priority level. Rate Limit You can configure the desired bandwidth available to a traffic flow. Traffic that exceeds the maximum bandwidth allocated (in cases where the network is congested) is dropped. GS2210 Series User’s Guide...
Page 181 This field displays the name(s) of the classifier to which this policy applies. Select an entry’s check box to select a specific entry. Otherwise, select the check box in the table heading row to select all entries. GS2210 Series User’s Guide...
Page 182: Policy Example
The figure below shows an example Policy screen where you configure a policy to limit bandwidth on a traffic flow classified using the Example classifier (refer to Section 21.5 on page 177). Figure 129 Policy Example GS2210 Series User’s Guide...
Page 183: Queuing Method
A queue is a given an amount of bandwidth irrespective of the incoming traffic on that port. This queue then moves to the back of the list. The next queue is given GS2210 Series User’s Guide...
Page 184: Configuring Queuing
Use this screen to set priorities for the queues of the Switch. This distributes bandwidth across the different traffic queues. Click Advanced Application > Queuing Method in the navigation panel. Figure 130 Advanced Application > Queuing Method GS2210 Series User’s Guide...
Page 185 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2210 Series User’s Guide...
Page 186: Multicast
IP addresses in the Class D range (224.0.0.0 to 239.255.255.255) are used for IP multicasting. Certain IP multicast numbers are reserved by IANA for special purposes (see the IANA website for more information). GS2210 Series User’s Guide...
Page 187 In the following MLD snooping-proxy example, all connected upstream ports (1 ~7) are treated as one interface. The connection between ports 8 and 9 is blocked by STP to break the loop. If there is GS2210 Series User’s Guide...
Page 188 The following figure shows a network example. The subscriber VLAN (1, 2 and 3) information is hidden from the streaming media server, S. In addition, the multicast VLAN information is only visible to the Switch and S. GS2210 Series User’s Guide...
Page 189 (in this case, an uplink port on the Switch). If there is another subscriber device connected to this port in the same subscriber VLAN, the receiving port will still be on the list of forwarding destination for the multicast traffic. Otherwise, the Switch removes the receiver port from the forwarding table. GS2210 Series User’s Guide...
Page 190: Multicast Setup
Click Advanced Application > Multicast > IPv4 Multicast to display the screen as shown. This screen shows the IPv4 multicast group information. See Section 24.1 on page 186 for more information on multicasting. Figure 134 Advanced Application > Multicast > IPv4 Multicast GS2210 Series User’s Guide...
Page 191: Igmp Snooping
Click the IGMP Snooping link in the Advanced Application > Multicast > IPv4 Multicast screen to display the screen as shown. See Section 24.1 on page 186 for more information on multicasting. Figure 135 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping GS2210 Series User’s Guide...
Page 192 This defines how many seconds the Switch waits for an IGMP report before removing an IGMP snooping membership entry when an IGMP leave message is received on this port from a host. GS2210 Series User’s Guide...
Page 193: Igmp Snooping Vlan
Click Advanced Application > Multicast > IPv4 Multicast in the navigation panel. Click the IGMP Snooping link and then the IGMP Snooping VLAN link to display the screen as shown. See IGMP Snooping and VLANs on page 187 for more information on IGMP Snooping VLAN. GS2210 Series User’s Guide...
Page 194 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields to your previous configuration. Clear Click Clear to reset the fields to the factory defaults. GS2210 Series User’s Guide...
Page 195: Igmp Filtering Profile
To configure additional rule(s) for a profile that you have already added, enter the profile name and specify a different IP multicast address range. Start Address Type the starting multicast IP address for a range of multicast IP addresses that you want to belong to the IGMP filter profile. GS2210 Series User’s Guide...
Page 196: Ipv6 Multicast Status
This field displays IP multicast group addresses. Group Timeout This field displays the time (in seconds) that elapses before the Switch removes a MLD group membership entry if it does not receive report messages from the port. GS2210 Series User’s Guide...
Page 197: Mld Snooping-Proxy
24.4.2 MLD Snooping-proxy VLAN Click the VLAN link in the Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy screen to display the screen as shown. See Section 24.1 on page 186 for more information on multicasting. GS2210 Series User’s Guide...
Page 198 This value should be exactly the same as what’s configured in the connected multicast router. This value is used to calculate the amount of time an MLD snooping membership entry (learned only on the upstream port) can remain in the forwarding table. GS2210 Series User’s Guide...
Page 199: Mld Snooping-Proxy Vlan Port Role Setting
Click the Port Role Setting link in the Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > VLAN screen to display the screen as shown. See Section 24.1 on page for more information on multicasting. GS2210 Series User’s Guide...
Page 200 Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Changes in this row are copied to all the ports as soon as you make them. GS2210 Series User’s Guide...
Page 201: Mld Snooping-Proxy Filtering
24.4.4 MLD Snooping-proxy Filtering Use this screen to configure the Switch’s MLD filtering settings. Click the Filtering link in the Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy screen to display the screen as shown. GS2210 Series User’s Guide...
Page 202 Select the name of the MLD filtering profile to use for this port. Otherwise, select Default to prohibit the port from joining any multicast group. You can create MLD filtering profiles in the Multicast > IPv6 Multicast > MLD Snooping-proxy > Filtering > Filtering Profile screen. GS2210 Series User’s Guide...
Page 203: Mld Snooping-Proxy Filtering Profile
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Clear Click Clear to reset the fields to the factory defaults. GS2210 Series User’s Guide...
Page 204: General Mvr Configuration
Note: You can create up to five multicast VLANs and up to 256 multicast rules on the Switch. Note: Your Switch automatically creates a static VLAN (with the same VID) when you create a multicast VLAN in this screen. GS2210 Series User’s Guide...
Page 205 Select Dynamic to send IGMP reports or MLD messages to all MVR source ports in the multicast VLAN. Select Compatible to set the Switch not to send IGMP reports or MLD messages. Port This field displays the port number on the Switch. GS2210 Series User’s Guide...
Page 206: Mvr Group Configuration
Use this screen to configure MVR IP multicast group address(es). Click the Group Configuration link in the MVR screen. Note: A port can belong to more than one multicast VLAN. However, IP multicast group addresses in different multicast VLANs cannot overlap. GS2210 Series User’s Guide...
Page 207 Delete button. You can select the check box in the table heading row to select all profiles. To delete a rule(s) from a profile, select the rule(s) that you want to remove , then click the Delete button. GS2210 Series User’s Guide...
Page 208: Mvr Configuration Example
Figure 146 MVR Configuration Example News: 224.1.4.10 ~ 224.1.4.50 Movie: 230.1.2.50 ~230.1.2.60 VLAN 1 Multicast VID 200 To configure the MVR settings on the Switch, create a multicast VLAN in the MVR screen and set the receiver and source ports. GS2210 Series User’s Guide...
Page 209 To set the Switch to forward the multicast group traffic to the subscribers, configure multicast group settings in the Group Configuration screen. The following figure shows an example where two IPv4 multicast groups (News and Movie) are configured for the multicast VLAN 200. GS2210 Series User’s Guide...
Page 210 Chapter 24 Multicast Figure 148 MVR Group Configuration Example-1 EXAMPLE Figure 149 MVR Group Configuration Example-2 EXAMPLE GS2210 Series User’s Guide...
Page 211: Aaa
Authorization is the process of determining what a user is allowed to do. Different user accounts may have higher or lower privilege levels associated with them. For example, user A may have the right to create new login accounts on the Switch but user B cannot. The Switch can authorize users GS2210 Series User’s Guide...
Page 212: Aaa Screens
Switch. First, configure your authentication server settings (RADIUS, TACACS+ or both) and then set up the authentication priority, activate authorization. Click Advanced Application > AAA in the navigation panel to display the screen as shown. Figure 151 Advanced Application > AAA GS2210 Series User’s Guide...
Page 213: Radius Server Setup
30 seconds, then the Switch waits for a response from the first RADIUS server for 15 seconds and then tries the second RADIUS server. Index This is a read-only number representing a RADIUS server entry. GS2210 Series User’s Guide...
Page 214: Tacacs+ Server Setup
Use this screen to configure your TACACS+ server settings. See RADIUS and TACACS+ on page 212 for more information on TACACS+ servers. Click on the TACACS+ Server Setup link in the AAA screen to view the screen as shown. GS2210 Series User’s Guide...
Page 215 TACACS+ server and the Switch. Delete Check this box if you want to remove an existing TACACS+ server entry from the Switch. This entry is deleted when you click Apply. GS2210 Series User’s Guide...
Page 216: Aaa Setup
Click Cancel to begin configuring this screen afresh. 25.5 AAA Setup Use this screen to configure authentication, authorization and accounting settings on the Switch. Click on the AAA Setup link in the AAA screen to view the screen as shown. GS2210 Series User’s Guide...
Page 217 Method 2 and Method 3 fields. Select local to have the Switch check the access privilege configured for local authentication. Select radius or tacacs+ to have the Switch check the access privilege via the external servers. GS2210 Series User’s Guide...
Page 218 If you don’t select this and you have two accounting servers set up, then the Switch sends information to the first accounting server and if it doesn’t get a response from the accounting server then it tries the second accounting server. GS2210 Series User’s Guide...
Page 219: Technical Reference
• Vendor-Type: A vendor specified attribute, identifying the setting you want to modify. • Vendor-data: A value you want to assign to the setting. Note: Refer to the documentation that comes with your RADIUS server on how to configure VSAs for users authenticating via the RADIUS server. GS2210 Series User’s Guide...
Page 220: Supported Radius Attributes
Refer to RFC 2865 for more information about RADIUS attributes used for authentication. This section lists the attributes used by authentication functions on the Switch. In cases where the attribute has a specific format associated with it, the format is specified. GS2210 Series User’s Guide...
Page 221: Attributes Used For Authentication
25.6.3.2 Attributes Used to Login Users User-Name User-Password NAS-Identifier NAS-IP-Address 25.6.3.3 Attributes Used by the IEEE 802.1x Authentication User-Name NAS-Identifier NAS-IP-Address NAS-Port NAS-Port-Type - This value is set to Ethernet(15) on the Switch. Calling-Station-Id Frame-MTU EAP-Message State Message-Authenticator GS2210 Series User’s Guide...
Page 222: Ip Source Guard
MAC address filters that were created because the Switch identified an unauthorized ARP packet. • Use the ARP Inspection VLAN Status screen (Section 26.8 on page 237) to look at various statistics about ARP packets in each VLAN. GS2210 Series User’s Guide...
Page 223: What You Need To Know
DHCP snooping before you enable ARP inspection. 26.2 IP Source Guard Screen Use this screen to go to the configuration screens where you can configure IPv4 or IPv6 source guard settings. Click Advanced Application > IP Source Guard in the navigation panel. GS2210 Series User’s Guide...
Page 224: Ipv4 Source Guard Setup
(static bindings). To open this screen, click Advanced Application > IP Source Guard > IPv4 Source Guard Setup. Figure 156 Advanced Application > IP Source Guard > IPv4 Source Guard Setup GS2210 Series User’s Guide...
Page 225: Ipv4 Source Guard Static Binding
If you try to create a static binding with the same MAC address and VLAN ID as an existing static binding, the new static binding replaces the original one. To open this screen, click Advanced Application > IP Source Guard > IPv4 Source Guard Setup > Static Binding. GS2210 Series User’s Guide...
Page 226 Click this to create the specified static binding or to update an existing one. Cancel Click this to reset the values above based on the last selected static binding or, if not applicable, to clear the fields above. GS2210 Series User’s Guide...
Page 227: Dhcp Snooping
Click Cancel to clear the check boxes. 26.5 DHCP Snooping Use this screen to look at various statistics about the DHCP snooping database. To open this screen, click Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping. GS2210 Series User’s Guide...
Page 228 This section displays the current settings for the DHCP snooping database. You can configure them in the DHCP Snooping Configure screen. See Section 26.6 on page 230. Agent URL This field displays the location of the DHCP snooping database. GS2210 Series User’s Guide...
Page 229 This field displays the number of times the Switch was unable to update the bindings in the DHCP snooping database. Database detail First successful This field displays the first time the Switch accessed the DHCP snooping database access for any reason. GS2210 Series User’s Guide...
Page 230: Dhcp Snooping Configure
TFTP server so that they are still available after a restart. To open this screen, click Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping > Configure. GS2210 Series User’s Guide...
Page 231 Enter how long (10-65535 seconds) the Switch waits to update the DHCP snooping database the first time the current bindings change after an update. Once the next update is scheduled, additional changes in current bindings are automatically included in the next update. GS2210 Series User’s Guide...
Page 232: Dhcp Snooping Port Configure
You can also specify the maximum number for DHCP packets that each port (trusted or untrusted) can receive each second. To open this screen, click Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping > Configure > Port. GS2210 Series User’s Guide...
Page 233 Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by- port basis. Note: Changes in this row are copied to all the ports as soon as you make them. GS2210 Series User’s Guide...
Page 234: Dhcp Snooping Vlan Configure
Configure > VLAN LABEL DESCRIPTION Show VLAN Use this section to specify the VLANs you want to manage in the section below. Start VID Enter the lowest VLAN ID you want to manage in the section below. GS2210 Series User’s Guide...
Page 235: Dhcp Snooping Vlan Port Configure
Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping > Configure > VLAN > Port. Figure 162 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping > Configure > VLAN > Port GS2210 Series User’s Guide...
Page 236: Arp Inspection Status
MAC address filter to block traffic from the source MAC address and source VLAN ID of the unauthorized ARP packet. To open this screen, click Advanced Application > IP Source Guard > IPv4 Source Guard Setup > ARP Inspection. GS2210 Series User’s Guide...
Page 237: Arp Inspection Vlan Status
Use this screen to look at various statistics about ARP packets in each VLAN. To open this screen, click Advanced Application > IP Source Guard > IPv4 Source Guard Setup > ARP Inspection > VLAN Status. GS2210 Series User’s Guide...
Page 238: Arp Inspection Log Status
Use this screen to look at log messages that were generated by ARP packets and that have not been sent to the syslog server yet. To open this screen, click Advanced Application > IP Source Guard > IPv4 Source Guard Setup > ARP Inspection > Log Status. GS2210 Series User’s Guide...
Page 239 In the ARP Inspection VLAN Configure screen, you can configure the Switch to generate log messages when ARP packets are discarded or forwarded based on the VLAN ID of the ARP packet. See Section 26.10.2 on page 243. Time This field displays when the log message was generated. GS2210 Series User’s Guide...
Page 240: Arp Inspection Configure
Click Clearing log status table in the ARP Inspection Log Status screen to clear the log and reset this counter. See Section 26.9 on page 238. GS2210 Series User’s Guide...
Page 241: Arp Inspection Port Configure
Switch receives ARP packets on each untrusted port. To open this screen, click Advanced Application > IP Source Guard > IPv4 Source Guard Setup > ARP Inspection > Configure > Port. GS2210 Series User’s Guide...
Page 242 • The rate at which ARP packets arrive is too high. You can specify the maximum rate at which ARP packets can arrive on untrusted ports. Limit These settings have no effect on trusted ports. GS2210 Series User’s Guide...
Page 243: Arp Inspection Vlan Configure
This field displays the VLAN ID of each VLAN in the range specified above. If you configure the * VLAN, the settings are applied to all VLANs. Enabled Select Yes to enable ARP inspection on the VLAN. Select No to disable ARP inspection on the VLAN. GS2210 Series User’s Guide...
Page 244: Ipv6 Source Guard Overview
The Switch learns the bindings by snooping DHCP packets (dynamic bindings) and from information provided manually by administrators (static bindings). To open this screen, click Advanced Application > IP Source Guard > IPv6 Source Binding Status. GS2210 Series User’s Guide...
Page 245: Ipv6 Static Binding Setup
26.13 IPv6 Static Binding Setup Use this screen to manually create an IPv6 source guard binding table entry and manage IPv6 static bindings. Static bindings are uniquely identified by the source IPv6 address / prefix. Each GS2210 Series User’s Guide...
Page 246 This field displays the source MAC address in the binding. If the entry is blank, this field will not be checked in the binding. VLAN This field displays the source VLAN ID in the binding. If the entry is blank, this field will not be checked in the binding. GS2210 Series User’s Guide...
Page 247: Ipv6 Source Guard Policy Setup
Select Validate Address to have IPv6 source guard forward valid addresses that are stored in the binding table. Validate Prefix Select Validate Prefix to have IPv6 source guard forward valid prefixes that are stored in the binding table. GS2210 Series User’s Guide...
Page 248: Ipv6 Source Guard Port Setup
Use this screen to apply configured IPv6 source guard policies to ports you specify. Use port * to apply a policy to all ports. To open this screen, click Advanced Application > IP Source Guard > IPv6 Source Guard Port Setup. GS2210 Series User’s Guide...
Page 249: Ipv6 Snooping Policy Setup
Use this screen to dynamically create an IPv6 source guard binding table using a DHCPv6 snooping policy. A DHCPv6 snooping policy lets the Switch sniff DHCPv6 packets sent from a DHCPv6 server to a DHCPv6 client when it is assigning an IPv6 address. When a DHCPv6 client successfully gets a GS2210 Series User’s Guide...
Page 250 This field displays the the number of IPv6 addresses and prefixes learned using the IPv6 snooping policy. Select an entry’s check box to select a specific entry. Otherwise, select the check box in the table heading row to select all entries. GS2210 Series User’s Guide...
Page 251: Ipv6 Snooping Vlan Setup
Select an entry’s check box to select a specific entry. Otherwise, select the check box in the table heading row to select all entries. Delete Select an entry checkbox and click Delete to remove the specified entry. Cancel Click this to clear the check boxes above. GS2210 Series User’s Guide...
Page 252: Ipv6 Dhcp Trust Setup
IPv6 DHCP Trust is not used and all ports are automatically trusted. Port This field displays the port number. If you configure the * port, the settings are applied to all of the ports. GS2210 Series User’s Guide...
Page 253: Technical Reference
• The packet is a DHCP server packet (for example, OFFER, ACK, or NACK). • The source MAC address and source IP address in the packet do not match any of the current bindings. GS2210 Series User’s Guide...
Page 254 When the DHCP server responds, the Switch removes the information in the Agent Information field before forwarding the response to the original source. You can configure this setting for each source VLAN. This setting is independent of the DHCP relay settings (Chapter 40 on page 337). GS2210 Series User’s Guide...
Page 255: Arp Inspection Overview
• They do not use the same space in memory that regular MAC address filters use. • They appear only in the ARP Inspection screens and commands, not in the MAC Address Filter screens and commands. GS2210 Series User’s Guide...
Page 256 ARP inspection so that the Switch has enough time to build the binding table. Enable ARP inspection on each VLAN. Configure trusted and untrusted ports, and specify the maximum number of ARP packets that each port can receive per second. GS2210 Series User’s Guide...
Page 257: Loop Guard
If a switch (not in loop state) connects to a switch in loop state, then it will be affected by the switch in loop state in the following way: GS2210 Series User’s Guide...
Page 258 In this example, the probe packet is sent from port N and returns on another port. As long as loop guard is enabled on port N. The Switch will shut down port N if it detects that the probe packet has returned to the Switch. GS2210 Series User’s Guide...
Page 259: Loop Guard Setup
Click Advanced Application > Loop Guard in the navigation panel to display the screen as shown. Note: The loop guard feature can not be enabled on the ports that have Spanning Tree Protocol (RSTP, MRSTP or MSTP) enabled. Figure 182 Advanced Application > Loop Guard GS2210 Series User’s Guide...
Page 260 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2210 Series User’s Guide...
Page 261: Layer 2 Protocol Tunneling
To emulate a point-to-point topology between two customer switches at different sites, such as A and B, you can enable protocol tunneling on edge switches 1 and 2 for PAgP (Port Aggregation Protocol), LACP or UDLD (UniDirectional Link Detection). GS2210 Series User’s Guide...
Page 262: Configuring Layer 2 Protocol Tunneling
Incoming encapsulated layer 2 protocol packets received on a tunnel port are decapsulated and sent to an access port. 28.2 Configuring Layer 2 Protocol Tunneling Click Advanced Application > Layer 2 Protocol Tunneling in the navigation panel to display the screen as shown. GS2210 Series User’s Guide...
Page 263 Note: Changes in this row are copied to all the ports as soon as you make them. Select this option to have the Switch tunnel CDP (Cisco Discovery Protocol) packets so that other Cisco devices can be discovered through the service provider’s network. GS2210 Series User’s Guide...
Page 264 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2210 Series User’s Guide...
Page 265: Pppoe
Active Discovery Initialization) and PADR (PPPoE Active Discovery Request) packets from PPPoE clients. This tag is defined in RFC 2516 and has the following format for this feature. Table 120 PPPoE Intermediate Agent Vendor-specific Tag Format Tag_Type Tag_Len Value (0x0105) GS2210 Series User’s Guide...
Page 266 If you do not configure a Circuit ID string for a specific VLAN on a port or for a specific port, and disable the flexible Circuit ID syntax in the PPPoE > Intermediate Agent screen, the Switch automatically generates a Circuit ID string according to the default Circuit ID syntax which is GS2210 Series User’s Guide...
Page 267: Pppoe Screen
Use this screen to configure the PPPoE Intermediate Agent on the Switch. Click Advanced Application > PPPoE in the navigation panel to display the screen as shown. Click Click Here to go to the Intermediate Agent screen. Figure 186 Advanced Application > PPPoE Intermediate Agent GS2210 Series User’s Guide...
Page 268: Pppoe Intermediate Agent
Select the variables that you want the Switch to generate and add in the Agent Circuit ID sub-option. The variable options include sp, sv, pv and spv which indicate combinations of slot-port, slot-VLAN, port-VLAN and slot-port-VLAN respectively. The Switch enters a zero into the PADI and PADR packets for the slot value. GS2210 Series User’s Guide...
Page 269: Pppoe Ia Per-Port
Note: The Switch will drop all PPPoE packets if you enable the PPPoE Intermediate Agent on the Switch and there are no trusted ports. Click the Port link in the Intermediate Agent screen to display the screen as shown. Figure 188 Advanced Application > PPPoE > Intermediate Agent > Port GS2210 Series User’s Guide...
Page 270: Pppoe Ia Per-Port Per-Vlan
29.3.2 PPPoE IA Per-Port Per-VLAN Use this screen to configure PPPoE IA settings that apply to a specific VLAN on a port. Click the VLAN link in the Intermediate Agent > Port screen to display the screen as shown. GS2210 Series User’s Guide...
Page 271: Pppoe Ia For Vlan
Use this screen to set whether the PPPoE Intermediate Agent is enabled on a VLAN and whether the Switch appends the Circuit ID and/or Remote ID to PPPoE discovery packets from a specific VLAN. Click the VLAN link in the Intermediate Agent screen to display the screen as shown. GS2210 Series User’s Guide...
Page 272 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2210 Series User’s Guide...
Page 273: Error Disable
• Use the Errdisable Recovery screen (Section 30.6 on page 278) to set the Switch to automatically undo an action after the error is gone. GS2210 Series User’s Guide...
Page 274: Error Disable Screen
Click the Click here link next to Errdisable Status in the Advanced Application > Errdisable screen to display the screen as shown. GS2210 Series User’s Guide...
Page 275 This is the number of the port on which you want to configure Errdisable Status. Cause This displays the type of the control packet received on the port or the feature enabled on the port and causing the Switch to take the specified action. GS2210 Series User’s Guide...
Page 276: Cpu Protection Configuration
Advanced Application > Errdisable screen to display the screen as shown. Note: After you configure this screen, make sure you also enable error detection for the specific control packets in the Advanced Application > Errdisable > Errdisable Detect screen. GS2210 Series User’s Guide...
Page 277 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2210 Series User’s Guide...
Page 278: Error-Disable Detect Configuration
Use this screen to configure the Switch to automatically undo an action after the error is gone. Click the Click Here link next to Errdisable Recovery in the Advanced Application > Errdisable screen to display the screen as shown. GS2210 Series User’s Guide...
Page 279 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2210 Series User’s Guide...
Page 280: Private Vlan
Note: Make sure you keep at least one port in the promiscuous port list for a VLAN with private VLAN enabled. Otherwise, this VLAN is blocked from the whole network. 31.2 Configuring Private VLAN Click Advanced Application > Private VLAN in the navigation panel to display the screen as shown. GS2210 Series User’s Guide...
Page 281 Select an entry’s check box to select a specific entry. Otherwise, select the check box in the table heading row to select all entries. Delete Check the rule(s) that you want to remove and then click the Delete button. Cancel Click Cancel to clear the check boxes. GS2210 Series User’s Guide...
Page 282: Green Ethernet
32.2 Configuring Green Ethernet Click Advanced Application > Green Ethernet in the navigation panel to display the screen as shown. Note: EEE, Auto Power Down and Short Reach are not supported on an uplink port. GS2210 Series User’s Guide...
Page 283 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2210 Series User’s Guide...
Page 284: Link Layer Discovery Protocol (Lldp)
The optional TLVs are inserted between the Time To Live TLV and the End of LLDPDU TLV. The next figure demonstrates that the network devices Switches and Routers (S and R) transmit and receive device information via LLDPDU and the network manager can query the information using Simple Network Management Protocol (SNMP). GS2210 Series User’s Guide...
Page 285: Lldp-Med Overview
Since LLDPDU updates status and configuration information periodically, network managers may check the result of provision via remote status. The remote status is updated by receiving LLDP-MED TLVs from endpoint devices. GS2210 Series User’s Guide...
Page 286: Lldp Screens
Click here to show a screen with LLDP information from the neighboring devices. Status LLDP Click here to show a screen to configure LLDP parameters. Configuration LLDP-MED LLDP-MED Click here to show a screen to configure LLDP-MED (Link Layer Discovery Protocol for Configuration Media Endpoint Devices) parameters. GS2210 Series User’s Guide...
Page 287: Lldp Local Status
This screen displays a summary of LLDP status on this Switch. Click Advanced Application > LLDP > LLDP Local Status to display the screen as shown next. Figure 202 Advanced Application > LLDP > LLDP Local Status GS2210 Series User’s Guide...
Page 288: Lldp Local Port Status Detail
This screen displays detailed LLDP status for each port on this Switch. Click Advanced Application > LLDP > LLDP Local Status and then, click a port number, for example 1 in the local port column to display the screen as shown next. GS2210 Series User’s Guide...
Page 289 Chapter 33 Link Layer Discovery Protocol (LLDP) Figure 203 Advanced Application > LLDP > LLDP Local Status > LLDP Local Port Status Detail GS2210 Series User’s Guide...
Page 290 Capabilities This field displays which LLDP-MED TLV are capable to transmit on the Switch. • Network Policy • Location Device Type This is the LLDP-MED device class. The ZyXEL Switch device type is: • Network Connectivity GS2210 Series User’s Guide...
Page 291: Lldp Remote Status
This displays the system name of the remote device. Management This displays the management address of the remote device. It could be the MAC Address address or IP address. You can click on the IP address hyperlink directly. GS2210 Series User’s Guide...
Page 292: Lldp Remote Port Status Detail
Table 139 Advanced Application > LLDP > LLDP Remote Status > LLDP Remote Port Status Detail (Basic TLV) LABEL DESCRIPTION Local Port This displays the number of the Switch’s port to which the remote device is connected. Basic TLV GS2210 Series User’s Guide...
Page 293 System Capabilities Supported • System Capabilities Enabled Management This displays the following management address parameters of the remote device. Address TLV • Management Address Subtype • Management Address • Interface Number Subtype • Interface Number • Object Identifier GS2210 Series User’s Guide...
Page 294 Table 140 Advanced Application > LLDP > LLDP Remote Status > LLDP Remote Port Status Detail (Dot1 and Dot3 TLV) LABEL DESCRIPTION Dot1 TLV Port VLAN ID This displays the VLAN ID of this port on the remote device. GS2210 Series User’s Guide...
Page 295 • Port Class • MDI Supported • MDI Enabled • Pair Controlable • PSE Power Pairs • Power Class Max Frame This displays the maximum supported frame size in octets. Size TLV GS2210 Series User’s Guide...
Page 296 Chapter 33 Link Layer Discovery Protocol (LLDP) Figure 207 Advanced Application > LLDP > LLDP Remote Status > LLDP Remote Port Status Detail (MED TLV) GS2210 Series User’s Guide...
Page 297 This shows the location information of a caller by its: Identification • Coordinate-base LCI - latitude and longitude coordinates of the Location Configuration Information (LCI) • Civic LCI - IETF Geopriv Civic Address based Location Configuration Information • ELIN - (Emergency Location Identifier Number) GS2210 Series User’s Guide...
Page 298: Lldp Configuration
Power Value - power requirement, in fractions of Watts, in current configuration 33.6 LLDP Configuration Use this screen to configure global LLDP settings on the Switch. Click Advanced Application > LLDP > LLDP Configuration (Click Here) to display the screen as shown next. GS2210 Series User’s Guide...
Page 299 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. Port This displays the Switch’s port number. * means all ports. GS2210 Series User’s Guide...
Page 300: Lldp Configuration Basic Tlv Setting
Use this screen to configure Basic TLV settings. Click Advanced Application > LLDP > LLDP Configuration (Click Here) > Basic TLV Setting to display the screen as shown next. Figure 209 Advanced Application > LLDP > LLDP Configuration> Basic TLV Setting GS2210 Series User’s Guide...
Page 301: Lldp Configuration Org-Specific Tlv Setting
Click Cancel to begin configuring this screen afresh. 33.6.2 LLDP Configuration Org-specific TLV Setting Use this screen to configure organization-specific TLV settings. Click Advanced Application > LLDP > LLDP Configuration (Click Here) > Org-specific TLV Setting to display the screen as shown next. GS2210 Series User’s Guide...
Page 302 Configuration/Status TLVs on the port(s). All check boxes in this column are enabled by default. Max Frame Select the check box(es) to enable or disable the sending of IEEE 802.3 Max Frame Size Size TLVs on the port(s). GS2210 Series User’s Guide...
Page 303: Lldp-Med Configuration
Cancel Click Cancel to begin configuring this screen afresh. 33.7 LLDP-MED Configuration Click Advanced Application > LLDP > LLDP-MED Configuration to display the screen as shown next. Figure 211 Advanced Application > LLDP > LLDP-MED Configuration GS2210 Series User’s Guide...
Page 304: Lldp-Med Network Policy
Click Cancel to begin configuring this screen afresh. 33.8 LLDP-MED Network Policy Click Advanced Application > LLDP > LLDP-MED Network Policy (Click Here) to display the screen as shown next. Figure 212 Advanced Application > LLDP > LLDP-MED Network Policy GS2210 Series User’s Guide...
Page 305: Lldp-Med Location
Check the rules that you want to remove, then click the Delete button. Cancel Click Cancel to clear the selected check boxes. 33.9 LLDP-MED Location Click Advanced Application > LLDP > LLDP-MED Location (Click Here) to display the screen as shown next. GS2210 Series User’s Guide...
Page 306 Enter the latitude information. The value should be from 0º to 90º. The negative value represents the South. • north • south Longitude Enter the longitude information. The value should be from 0º to 180º. The negative value represents the West. • west • east GS2210 Series User’s Guide...
Page 307 Country, State, County, City, Street, Number, ZIP code and additional information. ELIN Number This field shows the Emergency Location Identification Number (ELIN), which is used to identify endpoint devices when they issue emergency call services. The valid length is form 10 to 25 characters. GS2210 Series User’s Guide...
Page 308 Select an entry’s check box to select a specific entry. Otherwise, select the check box in the table heading row to select all entries. Delete Check the locations that you want to remove, then click the Delete button. Cancel Click Cancel to clear the selected check boxes. GS2210 Series User’s Guide...
Page 309: Anti-Arpscan
ARP-requests from a host exceed the thresholds, the trusted port will not be closed. • If a port on the Switch is closed by Anti-arpscan, and you want to recover it, then do one of the following: GS2210 Series User’s Guide...
Page 310: Anti-Arpscan Status
This field displays whether the port can forward traffic normally (Forwarding) or is disabled (Err-Disable). 34.3 Anti-Arpscan Host Status Use this screen to view blocked hosts and unblock ones connected to certain ports. To open this screen, click Advanced Application > Anti-Arpscan > Host Status. GS2210 Series User’s Guide...
Page 311: Anti-Arpscan Trust Host
Use this screen to create or remove trusted hosts identified by IP address and subnet mask. Anti- arpscan is not performed on trusted hosts. To open this screen, click Advanced Application > Anti-Arpscan > Trust Host. Figure 216 Advanced Application > Anti-Arpscan > Trust Host GS2210 Series User’s Guide...
Page 312: Anti-Arpscan Configure
Click this to clear the check boxes above. 34.5 Anti-Arpscan Configure Use this screen to enable Anti-Arpscan, set port and host thresholds as well as configure ports to be trusted or untrusted. To open this screen, click Advanced Application > Anti-Arpscan > Configure. GS2210 Series User’s Guide...
Page 313 Note: Changes in this row are copied to all the ports as soon as you make them. Trusted State Select Untrusted or Trusted for the associated port. Anti-arpscan is not performed on trusted hosts. GS2210 Series User’s Guide...
Page 314 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click this to reset the values in this screen to their last-saved values. GS2210 Series User’s Guide...
Page 315: Bpdu Guard
316) to enable BPDU guard on the Switch. 35.2 BPDU Guard Status Use this screen to view whether BPDU guard is enabled on the Switch and the port status. Click Advanced Application > BPDU Guard in the navigation panel. GS2210 Series User’s Guide...
Page 316: Bpdu Guard Configuration
This shows whether the port is shut down (Err-disable) or able to transmit packets (Forwarding). 35.3 BPDU Guard Configuration Use this screen to turn on the BPDU guard feature on the Switch and port(s). In the BPDU Guard Status screen click Configuration to display the configuration screen as shown. GS2210 Series User’s Guide...
Page 317 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2210 Series User’s Guide...
Page 318: Oam
(Section 36.4 on page 324) to perform remote- loopback tests. 36.2 OAM Status Use this screen to view the configuration of ports on which Ethernet OAM is enabled. Click Advanced Application > OAM in the navigation panel. GS2210 Series User’s Guide...
Page 319 Active - Allows the port to issue and respond to Ethernet OAM commands. Passive - Allows the port to respond to Ethernet OAM commands. Config This field displays the capabilities of the Switch and remote device. GS2210 Series User’s Guide...
Page 320: Oam Details
Use this screen to view OAM configuration details and operational status of a specific port. Click a number in the Port column in the OAM Status screen to display the screen as shown next. Figure 221 Advanced Application > OAM Staus > OAM Details GS2210 Series User’s Guide...
Page 321 This field indicates the current state of the parser. Forward: The port is forwarding packets normally. Loopback: The port is in loopback mode. Discard: The port is discarding non-OAMPDUs because it is trying to or has put the remote device into loopback mode. GS2210 Series User’s Guide...
Page 322 This field displays the number of OAM PDUs sent by the remote device in response to OAMPDU Rx requests. Unsupported This field displays the number of unsupported OAM PDUs sent on the port. OAMPDU Tx Unsupported This field displays the number of unsupported OAM PDUs received on the port. OAMPDU Rx GS2210 Series User’s Guide...
Page 323: Oam Configuration
Note: Changes in this row are copied to all the ports as soon as you make them. Active Select this check box to enable Ethernet OAM on this port. Clear this check box to disable Ethernet OAM on the port. GS2210 Series User’s Guide...
Page 324: Oam Remote Loopback
Enter the number of the port from which the Switch performs a remote-loopback test. Number of Define the allowable packet number of the loopback test frames. Packet Packet Size Define the allowable packet size of the loopback test frames. GS2210 Series User’s Guide...
Page 325 Click Start to initiate a remote-loopback test from the specified port by sending Enable Loopback Control PDUs to the remote device. Stop Click Stop to terminate a remote-loopback test from the specified port by sending Disable Loopback Control PDUs to the remote device. GS2210 Series User’s Guide...
Page 326: Zuld
328) to enable ZULD on a port, configure a mode and set the probe time. 37.1.2 What You Need to Know • ZULD must be enabled on the Switch and the port(s) in order to detect unidirectional links by monitoring OAMPDUs. GS2210 Series User’s Guide...
Page 327: Zuld Status
This shows whether ZULD is enabled or disabled on the Switch. Port This field displays the port number of the Switch. Active This field displays whether ZULD is enabled on the port or not. ZULD must be enabled to detect an unidirectional link by monitoring OAMPDUs. GS2210 Series User’s Guide...
Page 328: Zuld Configuration
This is the port number of the port on the connected device to which the port of the Switch is connected. 37.3 ZULD Configuration Use this screen to enable ZULD on a port, configure a mode and set the probe time. To open this screen, click Advanced Application > ZULD > Configuration. GS2210 Series User’s Guide...
Page 329 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click this to reset the values in this screen to their last-saved values. GS2210 Series User’s Guide...
Page 330: Static Route
• Use the Static Routing screen (Section 38.2 on page 331) to display the link to the IPv4 Static Route screen. • Use the IPv4 Static Route screen (Section 38.3 on page 331) to configure and enable an IPv4 static route. GS2210 Series User’s Guide...
Page 331: Static Routing
Enter the subnet mask for this destination. Routing is always based on network number. If Mask you need to specify a route to a single host, use a subnet mask of 255.255.255.255 in the subnet mask field to force the network number to be identical to the host ID. GS2210 Series User’s Guide...
Page 332 Select an entry’s check box to select a specific entry. Otherwise, select the check box in the table heading row to select all entries. Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the check boxes. GS2210 Series User’s Guide...
Page 333: Differentiated Services
Figure 230 DiffServ: Differentiated Service Field DSCP (6 bits) CU (2 bits) DSCP is backward compatible with the three precedence bits in the ToS octet so that non-DiffServ compliant, ToS-enabled network device will not conflict with the DSCP mapping. GS2210 Series User’s Guide...
Page 334: Activating Diffserv
S - Silver B - Bronze 39.2 Activating DiffServ Activate DiffServ to apply marking rules or IEEE 802.1p priority mapping on the Switch. Click IP Application > DiffServ in the navigation panel to display the screen as shown. GS2210 Series User’s Guide...
Page 335: Dscp-To-Ieee 802.1P Priority Settings
39.3 DSCP-to-IEEE 802.1p Priority Settings You can configure the DSCP to IEEE 802.1p mapping to allow the Switch to prioritize all traffic based on the incoming DSCP value according to the DiffServ to IEEE 802.1p mapping table. GS2210 Series User’s Guide...
Page 336: Configuring Dscp Settings
Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2210 Series User’s Guide...
Page 337: Dhcp
• Global - The Switch forwards all DHCP requests to the same DHCP server. • VLAN - The Switch is configured on a VLAN by VLAN basis. The Switch can be configured to relay DHCP requests to different DHCP servers for clients in different VLAN. GS2210 Series User’s Guide...
Page 338: Dhcp Configuration
(such as the IP address and subnet mask) between a DHCP client and a DHCP server. Once the DHCP client obtains an IP address and can connect to the network, network information renewal is done between the DHCP client and the DHCP server without the help of the Switch. GS2210 Series User’s Guide...
Page 339: Dhcpv4 Relay Agent Information
There are two types of sub-option: “Agent Circuit ID Sub-option” and “Agent Remote ID Sub- option”. They have the following formats. Table 167 DHCP Relay Agent Circuit ID Sub-option Format SubOpt Code Length Value Slot ID, Port ID, VLAN ID, System Name or String (1 byte) (1 byte) GS2210 Series User’s Guide...
Page 340: Dhcpv4 Option 82 Profile
This is the system name you configure in the Basic Setting > General Setup screen. Select this option for the Switch to add the system name to the client DHCP requests that it relays to a DHCP server. GS2210 Series User’s Guide...
Page 341: Configuring Dhcpv4 Global Relay
Use this screen to configure global DHCPv4 relay. Click IP Application > DHCP > DHCPv4 in the navigation panel and click the Global link to display the screen as shown. Figure 237 IP Application > DHCP > DHCPv4 > Global GS2210 Series User’s Guide...
Page 342: Dhcpv4 Global Relay Port Configure
The Switch adds the Circuit ID sub-option and/or Remote ID sub-option specified in the profile to DHCP requests that it relays to a DHCP server. The profile you select here has priority over the one you select in the DHCP > DHCPv4 > Global screen. GS2210 Series User’s Guide...
Page 343: Global Dhcp Relay Configuration Example
(default1 in this example) to set the Switch to send additional information (such as the VLAN ID) together with the DHCP requests to the DHCP server. This allows the DHCP server to assign the appropriate IP address according to the VLAN ID. GS2210 Series User’s Guide...
Page 344: Configuring Dhcpv4 Vlan Settings
Select a pre-defined DHCP option 82 profile that the Switch applies to all ports in this VLAN. Profile The Switch adds the Circuit ID sub-option and/or Remote ID sub-option specified in the profile to DHCP requests that it relays to a DHCP server. GS2210 Series User’s Guide...
Page 345: Dhcpv4 Vlan Port Configure
Enter the number of port(s) to which you want to apply the specified DHCP option 82 profile. You can enter multiple ports separated by (no space) comma (,) or hyphen (-). For example, enter “3-5” for ports 3, 4, and 5. Enter “3,5,7” for ports 3, 5, and 7. GS2210 Series User’s Guide...
Page 346: Example: Dhcp Relay For Two Vlans
(VLAN 2) are sent to the other DHCP server with an IP address of 172.16.10.100. Figure 243 DHCP Relay for Two VLANs DHCP: 192.168.1.100 VLAN 1 VLAN 2 DHCP: 172.16.10.100 For the example network, configure the VLAN Setting screen as shown. GS2210 Series User’s Guide...
Page 347: Dhcpv6 Relay
The interface-ID should not change even after the relay agent restarts. Use this screen to configure DHCPv6 relay settings for a specific VLAN on the Switch. Click IP Application > DHCP > DHCPv6 in the navigation panel to display the screen as shown. GS2210 Series User’s Guide...
Page 348 Select an entry’s check box to select a specific entry. Otherwise, select the check box in the table heading row to select all entries. Delete Check the entry(ies) that you want to remove and then click the Delete button. Cancel Click Cancel to clear the selected check boxes. GS2210 Series User’s Guide...
Page 349: Arp Setup
In the following example, the Switch does not have IP address and MAC address mapping information for hosts A and B in its ARP table, and host A wants to ping host B. Host A sends an GS2210 Series User’s Guide...
Page 350 In Gratuitous-ARP learning mode, the Switch updates its ARP table with either an ARP reply or a gratuitous ARP request. ARP-Request When the Switch is in ARP-Request learning mode, it updates the ARP table with both ARP replies, gratuitous ARP requests and ARP requests. GS2210 Series User’s Guide...
Page 351: Arp Setup
Figure 246 IP Application > ARP Setup 41.2.1 ARP Learning Use this screen to configure each port’s ARP learning mode. Click the link next to ARP Learning in the IP Application > ARP Setup screen to display the screen as shown next. GS2210 Series User’s Guide...
Page 352 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2210 Series User’s Guide...
Page 353: Maintenance
357) to save your configurations for later use. 42.2 The Maintenance Screen Use this screen to manage firmware and your configuration files. Click Management > Maintenance in the navigation panel to open the following screen. Figure 248 Management > Maintenance GS2210 Series User’s Guide...
Page 354: Erase Running-Configuration
In the Maintenance screen, click the Click Here button next to Erase Running-Configuration to clear all Switch configuration information you configured and return to the factory defaults. Click OK to reset all Switch configurations to the factory defaults. Figure 249 Erase Running-Configuration: Confirmation GS2210 Series User’s Guide...
Page 355: Save Configuration
Switch. 42.3 Firmware Upgrade Use the following screen to upgrade your Switch to the latest firmware. The Switch supports dual firmware images, Firmware 1 and Firmware 2. Use this screen to specify which image is updated GS2210 Series User’s Guide...
Page 356 Config Boot Image Select which firmware (Firmware 1 or Firmware 2) should load, click Apply and reboot the Switch to see changes, you will also see changes in the Current Boot Image field above as well. GS2210 Series User’s Guide...
Page 357: Restore A Configuration File
Backing up your Switch configurations allows you to create various “snap shots” of your device from which you may restore at a later date. Back up your current Switch configuration to a computer using the Backup Configuration screen. GS2210 Series User’s Guide...
Page 358: Tech-Support
Switch. The Tech Support menu eases your effort in obtaining reports and it is also available in CLI command by typing “Show tech-support” command. Click Management > Maintenance > Tech-Support to see the following screen. Figure 254 Management > Maintenance > Tech-Support GS2210 Series User’s Guide...
Page 359: Technical Reference
This section provides technical background information on the topics discussed in this chapter. 42.7.1 FTP Command Line This section shows some examples of uploading to or downloading files from the Switch using FTP commands. First, understand the filename conventions. GS2210 Series User’s Guide...
Page 360: Filename Conventions
Enter open, followed by a space and the IP address of your Switch. Press [ENTER] when prompted for a username. Enter your password as requested (the default is “1234”). Enter bin to set transfer mode to binary. GS2210 Series User’s Guide...
Page 361: Gui-Based Ftp Clients
• FTP service is disabled in the Service Access Control screen. • The IP address(es) in the Remote Management screen does not match the client IP address. If it does not match, the Switch will disconnect the FTP session immediately. GS2210 Series User’s Guide...
Page 362: Access Control
“trusted computers” from which an administrator may use a service to manage the Switch. 43.2 The Access Control Main Screen Use this screen to display the main screen. Click Management > Access Control in the navigation panel to display the main screen as shown. GS2210 Series User’s Guide...
Page 363: Configuring Snmp
Enter the Get Community string, which is the password for the incoming Get- and GetNext- requests from the management station. The Get Community string is only used by SNMP managers using SNMP version 2c or lower. GS2210 Series User’s Guide...
Page 364: Configuring Snmp Trap Group
From the SNMP screen, click Trap Group to view the screen as shown. Use the Trap Group screen to specify the types of SNMP traps that should be sent to each SNMP manager. Figure 257 Management > Access Control > SNMP > Trap Group GS2210 Series User’s Guide...
Page 365: Enabling/Disabling Sending Of Snmp Traps On A Port
From the SNMP > Trap Group screen, click Port to view the screen as shown. Use this screen to set whether a trap received on the port(s) would be sent to the SNMP manager. Figure 258 Management > Access Control > SNMP > Trap Group > Port GS2210 Series User’s Guide...
Page 366: Configuring Snmp User
User Information Note: Use the username and password of the login accounts you specify in this screen to create accounts on the SNMP v3 manager. Username Specify the username of a login account on the Switch. GS2210 Series User’s Guide...
Page 367 Group This field displays the SNMP group to which this user belongs. Select an entry’s check box to select a specific entry. Otherwise, select the check box in the table heading row to select all entries. GS2210 Series User’s Guide...
Page 368: Setting Up Login Accounts
This is the default administrator account with the “admin” user name. You cannot change the default administrator user name. Only the administrator has read/write access. Old Password Type the existing system password (1234 is the default password when shipped). New Password Enter your new system password. GS2210 Series User’s Guide...
Page 369: Service Access Control
Service Access Control allows you to decide what services you may use to access the Switch. You may also change the default service port and configure “trusted computer(s)” for each service in the Remote Management screen (discussed later). Click Access Control to go back to the main Access Control screen. GS2210 Series User’s Guide...
Page 370: Remote Management
Click Management > Access Control > Remote Management to view the screen as shown next. You can specify a group of one or more “trusted computers” from which an administrator may use a service to manage the Switch. Click Access Control to return to the Access Control screen. GS2210 Series User’s Guide...
Page 371: Technical Reference
Cancel Click Cancel to begin configuring this screen afresh. 43.7 Technical Reference This section provides technical background information on the topics discussed in this chapter. GS2210 Series User’s Guide...
Page 372: About Snmp
Used by the agent to inform the manager of some events. SNMP v3 and Security SNMP v3 enhances security for SNMP management. SNMP managers can be required to authenticate with agents before conducting SNMP management sessions. GS2210 Series User’s Guide...
Page 373 This trap is sent when the temperature utOfRange goes above or below the normal operating range. zyHwMonitorTemperatureO 1.3.6.1.4.1.890.1.15.3.26.2.7 This trap is sent when the temperature is utOfRangeRecovered recovered from the out of range to normal operating range. GS2210 Series User’s Guide...
Page 374 This trap is sent when the port is turned Recovered on to recover from a short circuit. zyPoePowerPortOverSyste 1.3.6.1.4.1.890.1.15.3.59.4.7 This trap is sent when the port is turned mBudgetRecovered on to recover from an over system budget. GS2210 Series User’s Guide...
Page 375 The trap is sent when entries in the remote database have any updates. Link Layer Discovery Protocol (LLDP), defined as IEEE 802.1ab, enables LAN devices that support LLDP to exchange their configured settings. This helps eliminate configuration mismatch issues. GS2210 Series User’s Guide...
Page 376 1.3.6.1.4.1.890.1.15.3.110.3.1 This trap is sent when a unidirectional link is detected. zyZuldBidirectionalRecovered 1.3.6.1.4.1.890.1.15.3.110.3.2 This trap is sent when the port which is shut down by ZULD becomes active again. GS2210 Series User’s Guide...
Page 377 1.3.6.1.2.1.80.0.3 This trap is sent when a ping test is completed. traceroute traceRouteTestFailed 1.3.6.1.2.1.81.0.2 This trap is sent when a traceroute test fails. traceRouteTestCompleted 1.3.6.1.2.1.81.0.3 This trap is sent when a traceroute test is completed. GS2210 Series User’s Guide...
Page 378: Ssh Overview
Figure 264 SSH Communication Example 43.7.2.1 How SSH works The following table summarizes how a secure connection is established between two remote hosts. GS2210 Series User’s Guide...
Page 379 22. Only one SSH connection is allowed at a time. 43.7.2.3 Requirements for Using SSH You must install an SSH client program on a client computer (Windows or Linux operating system) that is used to connect to the Switch over SSH. GS2210 Series User’s Guide...
Page 380: Introduction To Https
If you haven’t changed the default HTTPS port on the Switch, then in your browser enter “https:// Switch IP Address/” as the web site address where “Switch IP Address” is the IP address or domain name of the Switch you wish to access. Internet Explorer Warning Messages Internet Explorer 6 GS2210 Series User’s Guide...
Page 381 Figure 268 Security Certificate Warning (Internet Explorer 7 or 8) After you log in, you will see the red address bar with the message Certificate Error. Click on Certificate Error next to the address bar and click View certificates. GS2210 Series User’s Guide...
Page 382 Mozilla Firefox Warning Messages When you attempt to access the Switch HTTPS server, a This Connection is Unstructed screen may display. If that is the case, click I Understand the Risks and then the Add Exception... button. GS2210 Series User’s Guide...
Page 383 Chapter 43 Access Control Figure 271 Security Alert (Mozilla Firefox) Confirm the HTTPS server URL matches. Click Confirm Security Exception to proceed to the web configurator login screen. Figure 272 Security Alert (Mozilla Firefox) EXAMPLE GS2210 Series User’s Guide...
Page 384 After you accept the certificate and enter the login username and password, the Switch main screen appears. The lock displayed in the bottom right of the browser status bar or next to the website address denotes a secure connection. Figure 273 Example: Lock Denoting a Secure Connection EXAMPLE GS2210 Series User’s Guide...
Page 385: Diagnostic
Click Management > Diagnostic in the navigation panel to open this screen. Use this screen to ping IP addresses, run a traceroute, perform port tests or show the Switch’s location between devices. Figure 274 Management > Diagnostic GS2210 Series User’s Guide...
Page 386 Short: There is an short circuit detected between the wire-pair. Unknown: The Switch failed to run cable diagnostics on the cable connected this port. Unsupported: The port is a fiber port or it is not active. GS2210 Series User’s Guide...
Page 387 Enter a time interval (in minutes) and click Blink to show the actual location of the Switch between several devices in a rack. The default time interval is 30 minutes. Click Stop to have the Switch terminate the blinking locater LED. GS2210 Series User’s Guide...
Page 388: System Log
The summary table shows the time the log message was recorded and the reason the log message was generated. Click Refresh to update this screen. Click Clear to clear the whole log, regardless of what is currently displayed on the screen. Click Download to save the log to your computer. GS2210 Series User’s Guide...
Page 389: Syslog Setup
The syslog feature sends logs to an external syslog server. Use this screen to configure the device’s system logging settings and configure a list of external syslog servers. Click Management > Syslog in the navigation panel to display this screen. GS2210 Series User’s Guide...
Page 390 Enter the IP address of the syslog server. Log Level Select the severity level(s) of the logs that you want the device to send to this syslog server. The lower the number, the more critical the logs are. GS2210 Series User’s Guide...
Page 391 Select an entry’s check box to select a specific entry. Otherwise, select the check box in the table heading row to select all entries. Delete Click Delete to remove the selected entry(ies). Cancel Click Cancel to begin configuring this screen afresh. GS2210 Series User’s Guide...
Page 392: Cluster Management
The switches being managed by the cluster manager switch. In the following example, switch A in the basement is the cluster manager and the other switches on the upper floors of the building are cluster members. Figure 277 Clustering Application Example GS2210 Series User’s Guide...
Page 393: What You Can Do
Index column is a hyperlink leading to the cluster member switch’s web configurator (see Figure 280 on page 396). MacAddr This is the cluster member switch’s hardware MAC address. Name This is the cluster member switch’s System Name. GS2210 Series User’s Guide...
Page 394: Clustering Management Configuration
47.3 Clustering Management Configuration Use this screen to configure clustering management. Click Management > Cluster Management > Configuration to display the next screen. Figure 279 Management > Cluster Management > Configuration EXAMPLE GS2210 Series User’s Guide...
Page 395 Select an entry’s check box to select a specific entry. Otherwise, select the check box in the table heading row to select all entries. Remove Click the Remove button to remove the selected cluster member switch(es) from the cluster. Cancel Click Cancel to begin configuring this screen afresh. GS2210 Series User’s Guide...
Page 396: Technical Reference
Figure 280 Cluster Management: Cluster Member Web Configurator Screen example example 47.4.1.1 Uploading Firmware to a Cluster Member Switch You can use FTP to upload firmware to a cluster member switch through the cluster manager switch as shown in the following example. GS2210 Series User’s Guide...
Page 397 430AAHW0.bin member switch. This is the cluster member switch’s firmware name as seen in the cluster fw-00-a0-c5-01-23-46 manager switch. This is the cluster member switch’s configuration file name as seen in the config-00-a0-c5-01-23-46 cluster manager switch. GS2210 Series User’s Guide...
Page 398: Mac Table
Too much port flooding leads to network congestion. • If the Switch has already learned the port for this MAC address, but the destination port is the same as the port it came in on, then it filters the frame. GS2210 Series User’s Guide...
Page 399: Viewing The Mac Table
48.2 Viewing the MAC Table Use this screen to check whether the MAC address is dynamic or static. Click Management > MAC Table in the navigation panel to display the following screen. Figure 283 Management > MAC Table GS2210 Series User’s Guide...
Page 400 This is the VLAN group to which this frame belongs. Port This is the port where the above MAC address is forwarded. Type This shows whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen). GS2210 Series User’s Guide...
Page 401: Arp Table
MAC address that replied. 49.2 Viewing the ARP Table Use the ARP table to view IP-to-MAC address mapping(s) and remove specific dynamic ARP entries. Click Management > ARP Table in the navigation panel to open the following screen. GS2210 Series User’s Guide...
Page 402 This shows 0 for a static entry. Type This shows whether the IP address is dynamic (learned by the Switch) or static (manually configured in the Basic Setting > IP Setup or IP Application > ARP Setup > Static ARP screen). GS2210 Series User’s Guide...
Page 403: Path Mtu Table
This field displays the maximum transmission unit of the links in the path. Expire This field displays how long (in minutes) an entry can still remain in the Path MTU table before it ages out and needs to be relearned. GS2210 Series User’s Guide...
Page 404: Configure Clone
This chapter shows you how you can copy the settings of one port onto other ports. 51.2 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports. Click Management > Configure Clone to open the following screen. GS2210 Series User’s Guide...
Page 405 Chapter 51 Configure Clone Figure 286 Management > Configure Clone GS2210 Series User’s Guide...
Page 406 Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. GS2210 Series User’s Guide...
Page 407: Ipv6 Neighbor Table
This field displays the IPv6 address of the Switch or a neighboring device. Address This field displays the MAC address of the IPv6 interface on which the IPv6 address is configured or the MAC address of the neighboring device. GS2210 Series User’s Guide...
Page 408 • dynamic (D): The IP address to MAC address can be successfully resolved using IPv6 Neighbor Discovery protocol. Is it similar as IPv4 ARP (Address Resolution protocol). • static (S): The interface address is statically configured. GS2210 Series User’s Guide...
Page 409: Troubleshooting
Make sure you understand the normal behavior of the LED. See Section 3.3 on page Check the hardware connections. See Section 53.1 on page 409. Inspect your cables for damage. Contact the vendor to replace any damaged cables. GS2210 Series User’s Guide...
Page 410: Switch Access And Login
Make sure your computer is in the same subnet as the Switch. (If you know that there are routers between your computer and the Switch, skip this step.) Reset the device to its factory defaults, and try to access the Switch with the default IP address. Section 4.6 on page GS2210 Series User’s Guide...
Page 411 The recommended screen resolution is 1024 by 768 pixels. Adjust the value in your computer and then you should see the rest of Advanced Application submenus at the bottom of the navigation panel. There is unauthorized access to my Switch via telnet, HTTP and SSH. GS2210 Series User’s Guide...
Page 412: Switch Configuration
Click Save at the top right corner of the web configurator to save the configuration permanently. See also Section 42.5 on page 357 for more information about how to save your configuration. GS2210 Series User’s Guide...
Page 413: Appendix A Customer Support
• Brief description of the problem and the steps you took to solve it. Corporate Headquarters (Worldwide) Taiwan • ZyXEL Communications Corporation • http://www.zyxel.com Asia China • ZyXEL Communications (Shanghai) Corp. ZyXEL Communications (Beijing) Corp. ZyXEL Communications (Tianjin) Corp. • http://www.zyxel.cn India • ZyXEL Technology India Pvt Ltd • http://www.zyxel.in Kazakhstan •...
Page 414 • ZyXEL Singapore Pte Ltd. • http://www.zyxel.com.sg Taiwan • ZyXEL Communications Corporation • http://www.zyxel.com Thailand • ZyXEL Thailand Co., Ltd • http://www.zyxel.co.th Vietnam • ZyXEL Communications Corporation-Vietnam Office • http://www.zyxel.com/vn/vi Europe Austria • ZyXEL Deutschland GmbH • http://www.zyxel.de Belarus • ZyXEL BY • http://www.zyxel.by...
Page 415 Appendix A Customer Support Belgium • ZyXEL Communications B.V. • http://www.zyxel.com/be/nl/ Bulgaria • ZyXEL България • http://www.zyxel.com/bg/bg/ Czech Republic • ZyXEL Communications Czech s.r.o • http://www.zyxel.cz Denmark • ZyXEL Communications A/S • http://www.zyxel.dk Estonia • ZyXEL Estonia • http://www.zyxel.com/ee/et/ Finland •...
Page 416 • ZyXEL Communications Poland • http://www.zyxel.pl Romania • ZyXEL Romania • http://www.zyxel.com/ro/ro Russia • ZyXEL Russia • http://www.zyxel.ru Slovakia • ZyXEL Communications Czech s.r.o. organizacna zlozka • http://www.zyxel.sk Spain • ZyXEL Spain • http://www.zyxel.es Sweden • ZyXEL Communications • http://www.zyxel.se Switzerland •...
Page 417 Ecuador • ZyXEL Communication Corporation • http://www.zyxel.com/ec/es/ Middle East Israel • ZyXEL Communication Corporation • http://il.zyxel.com/homepage.shtml Middle East • ZyXEL Communication Corporation • http://www.zyxel.com/me/en North America • ZyXEL Communications, Inc. - North America Headquarters • http://www.us.zyxel.com/ GS2210 Series User’s Guide...
Page 418 Appendix A Customer Support Oceania Australia • ZyXEL Communications Corporation • http://www.zyxel.com/au/en/ Africa South Africa • Nology (Pty) Ltd. • http://www.zyxel.co.za GS2210 Series User’s Guide...
Page 419: Appendix B Common Services
File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by e-mail. H.323 1720 NetMeeting uses this protocol. GS2210 Series User’s Guide...
Page 420 REXEC Remote Execution Daemon. RLOGIN Remote Login. RTELNET Remote Telnet. RTSP TCP/UDP The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. SFTP Simple File Transfer Protocol. GS2210 Series User’s Guide...
Page 421 TFTP Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 Another videoconferencing solution. GS2210 Series User’s Guide...
Page 422: Appendix C Ipv6
A link-local unicast address has a predefined prefix of fe80::/10. The link-local unicast address format is as follows. Table 207 Link-local Unicast Address Format 1111 1110 10 Interface ID 10 bits 54 bits 64 bits GS2210 Series User’s Guide...
Page 423: Global Address
The following table describes the multicast addresses which are reserved and can not be assigned to a multicast group. Table 209 Reserved Multicast Address MULTICAST ADDRESS FF00:0:0:0:0:0:0:0 FF01:0:0:0:0:0:0:0 FF02:0:0:0:0:0:0:0 FF03:0:0:0:0:0:0:0 FF04:0:0:0:0:0:0:0 FF05:0:0:0:0:0:0:0 FF06:0:0:0:0:0:0:0 FF07:0:0:0:0:0:0:0 FF08:0:0:0:0:0:0:0 FF09:0:0:0:0:0:0:0 GS2210 Series User’s Guide...
Page 424 (beginning with fe80). When the interface is connected to a network with a router and the Switch is set to automatically obtain an IPv6 network prefix from the router for the interface, it generates another address which GS2210 Series User’s Guide...
Page 425 The DHCP relay agent can add the remote identification (remote-ID) option and the interface-ID option to the Relay-Forward DHCPv6 messages. The remote-ID option carries a user-defined string, In IPv6, all network interfaces can be associated with several addresses. GS2210 Series User’s Guide...
Page 426 When the Switch needs to send a packet, it first consults the destination cache to determine the next hop. If there is no matching entry in the destination cache, the Switch uses the prefix list to GS2210 Series User’s Guide...
Page 427 Install Dibbler and select the DHCPv6 client option on your computer. After the installation is complete, select Start > All Programs > Dibbler-DHCPv6 > Client Install as service. Select Start > Control Panel > Administrative Tools > Services. GS2210 Series User’s Guide...
Page 428 To enable IPv6 in Windows 7: Select Control Panel > Network and Sharing Center > Local Area Connection. Select the Internet Protocol Version 6 (TCP/IPv6) checkbox to enable it. Click OK to save the change. GS2210 Series User’s Guide...
Page 429 IPv4 Address... : 172.16.100.61 Subnet Mask ... : 255.255.255.0 Default Gateway ..: fe80::213:49ff:feaa:7125%11 172.16.100.254 GS2210 Series User’s Guide...
Page 430: Appendix D Legal Information
This publication is subject to change without notice. Trademarks ZyNOS (ZyXEL Network Operating System) and ZON (ZyXEL One Network)are registered trademarks of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
Page 431 • For PERMANENTLY CONNECTED EQUIPMENT, a readily accessible disconnect device shall be incorporated external to the equipment; • For PLUGGABLE EQUIPMENT, the socket-outlet shall be installed near the equipment and shall be easily accessible. GS2210 Series User’s Guide...
Page 432: Weee Directive
återvinningsstation. Vid tiden för kasseringen bidrar du till en bättre miljö och mänsklig hälsa genom att göra dig av med den på ett återvinningsställe. GS2210 Series User’s Guide...
Page 433 Appendix D Legal Information Environmental Product Declaration GS2210 Series User’s Guide...
Page 434: Zyxel Limited Warranty
North American products. Trademarks ZyNOS (ZyXEL Network Operating System) and ZON (ZyXEL One Network)are registered trademarks of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
Page 435: Index
BPDU (Bridge Protocol Data Units) applications BPDU guard backbone and Errdisable Recovery bridging port status IEEE 802.1Q VLAN BPDUs switched workgroup Bridge Protocol Data Units Bridge Protocol Data Units (BPDUs) how it works broadcast storm control learning mode GS2210 Series User’s Guide...
Page 436 Common and Internal Spanning Tree, See CIST remote-ID configuration diagnostics change running config Ethernet port test saving ping configuration file Differentiated Service (DiffServ) backup restore Differentiated Services 40, 357 saving DiffServ console port activate DS field contact information GS2210 Series User’s Guide...
Page 437 GVRP (GARP VLAN Registration Protocol) FCC interference statement file transfer using FTP hardware installation command example hardware monitor filename convention, configuration hardware overview configuration hello time file names high power filtering rules HTTPS GS2210 Series User’s Guide...
Page 438 PAgP static bindings point to point IP subnet mask IPv4 source guard tunnel port UDLD IPv6 addressing EUI-64 LACP 148, 264 global address system priority interface ID timeout link-local address Layer 2 protocol tunneling, see L2PT GS2210 Series User’s Guide...
Page 439 MIB (Management Information Base) vs. STP mirroring ports MLD filtering profile MLD snooping-proxy filtering filtering profile port role MAC (Media Access Control) VLAN ID MAC address monitor port 65, 401 maximum number per port mounting brackets GS2210 Series User’s Guide...
Page 440 Port Aggregation Protocol, see PAgP network applications port authentication network management system (NMS) guest VLAN NTP (RFC-1305) IEEE802.1x MAC authentication method port cloning 404, 406 advanced settings 404, 406 basic settings 404, 406 details port details GS2210 Series User’s Guide...
Page 441 40, 354 isolated port to factory default settings overview restoring configuration 40, 357 promiscuous port RFC 3164 product registration Round Robin Scheduling protocol based VLAN RSTP and IEEE 802.1Q tagging configuration application example GS2210 Series User’s Guide...
Page 442 DHCP VLAN SPQ (Strict Priority Queuing) priority setup encryption methods subnet based VLANs how it works switch lockout implementation switch reset SSH (Secure Shell) switch setup SSL (Secure Socket Layer) syslog standby ports protocol static bindings settings GS2210 Series User’s Guide...
Page 443 DHCP snooping tagged PPPoE IA terminology tunnel protocol attribute trunking 95, 101 and RADIUS type 69, 95 tutorials VLAN (Virtual Local Area Network) DHCP snooping VLAN ID 72, 93 Type of Serivce VLAN terminology VLAN trunking GS2210 Series User’s Guide...
Page 444 ZON neighbor management ZON Utility ZULD and Error Disable example mode probe time status ZULD (ZyXEL Unidirectional Link Detection) ZyNOS (ZyXEL Network Operating System) ZyXEL Discovery Protocol ZyXEL Unidirectional Link Detection ZyXEL Unidirectional Link Detection (ZULD) GS2210 Series User’s Guide...

ZyXEL Communications GS2210 Series User Manual

Contents Overview

Table of Contents

User's Guide

PART I User's Guide

Chapter 1 Getting to Know Your Switch

Chapter 2 Hardware Installation and Connection

Chapter 3 Hardware Panels

Technical Reference

Part II: Technical Reference

Chapter 4 The Web Configurator

Chapter 5 Initial Setup Example

Chapter 6 Tutorials

Chapter 7 Status and ZON

Chapter 8 Basic Setting

Chapter 9 VLAN

Chapter 10 Static MAC Forward Setup

Chapter 11 Static Multicast Forward Setup

Chapter 12 Filtering

Chapter 13 Spanning Tree Protocol

Chapter 14 Bandwidth Control

Chapter 15 Broadcast Storm Control

Chapter 16 Mirroring

Chapter 17 Link Aggregation

Chapter 18 Port Authentication

Chapter 19 Port Security

Chapter 20 Time Range

Chapter 21 Classifier

Chapter 22 Policy Rule

Chapter 23 Queuing Method

Chapter 24 Multicast

Chapter 25 AAA

Chapter 26 IP Source Guard

Chapter 27 Loop Guard

Chapter 28 Layer 2 Protocol Tunneling

Chapter 29 Pppoe

Quick Links

Troubleshooting

Related Manuals for ZyXEL Communications GS2210 Series

Summary of Contents for ZyXEL Communications GS2210 Series